Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 146375
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 146375 depends on: Show dependency tree
Bug 146375 blocks: 146438

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-09-05 05:17 0000 
OpenSSL Security Advisory [5th September 2006]

RSA Signature Forgery (CVE-2006-4339)
=====================================

Vulnerability
-------------

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.

OpenSSL versions up to 0.9.7j and 0.9.8b are affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2006-4339 to this issue.

Recommendations
---------------

There are multiple ways to avoid this vulnerability.  Any one of the
following measures is sufficient.

1.  Upgrade the OpenSSL server software.

    The vulnerability is resolved in the following versions of OpenSSL:

     - in the 0.9.7 branch, version 0.9.7k (or later);
     - in the 0.9.8 branch, version 0.9.8c (or later).

    OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via
    HTTP and FTP from the following master locations (you can find the
    various FTP mirrors under http://www.openssl.org/source/mirror.html):

        o http://www.openssl.org/source/
        o ftp://ftp.openssl.org/source/

    The distribution file names are:

        o openssl-0.9.8c.tar.gz
          MD5 checksum: 78454bec556bcb4c45129428a766c886
          SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

        o openssl-0.9.7k.tar.gz
          MD5 checksum: be6bba1d67b26eabb48cf1774925416f
          SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

    The checksums were calculated using the following commands:

        openssl md5 openssl-0.9*.tar.gz
        openssl sha1 openssl-0.9*.tar.gz

2.  If this version upgrade is not an option at the present time,
    alternatively the following patch may be applied to the OpenSSL
    source code to resolve the problem.  The patch is compatible with
    the 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL.

        o http://www.openssl.org/news/patch-CVE-2006-4339.txt

Whether you choose to upgrade to a new version or to apply the patch,
make sure to recompile any applications statically linked to OpenSSL
libraries.


Acknowledgements
----------------

The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle
and Ben Laurie, of Google Security, who successfully forged various
certificates, showing OpenSSL was vulnerable, and provided the patch
to fix the problems.


References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20060905.txt

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-09-05 05:18:36 0000 ------- 
base-system please advise.

------- Comment #2 From SpanKY 2006-09-05 08:10:44 0000 ------- 
both versions now in portage

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-09-05 09:07:10 0000 ------- 
Arches please test and mark stable.

------- Comment #4 From Joe Jezak 2006-09-05 09:32:47 0000 ------- 
Marked ppc stable.

------- Comment #5 From Mike Doty 2006-09-05 09:55:44 0000 ------- 
amd64 stable, w00t w00t

------- Comment #6 From Jason Wever (RETIRED) 2006-09-05 10:41:29 0000 ------- 
openssl-0.9.7k stable on sparc.

------- Comment #7 From Markus Rothe 2006-09-05 11:15:33 0000 ------- 
0.9.8c stable on ppc64

------- Comment #8 From Thomas Cort (RETIRED) 2006-09-05 12:21:22 0000 ------- 
alpha stable.

------- Comment #9 From Joshua Jackson 2006-09-05 20:55:34 0000 ------- 
x86 stable. ^.^

------- Comment #10 From Joshua Jackson 2006-09-05 20:56:14 0000 ------- 
removing x86 as I forgot.

------- Comment #11 From Sune Kloppenborg Jeppesen 2006-09-06 07:49:04 0000 ------- 
*** Bug 146557 has been marked as a duplicate of this bug. ***

------- Comment #12 From Sebastian 2006-09-06 09:46:07 0000 ------- 
Hi all,

since the update I can't use https/sasl anymore. You can read the full story
here: http://forums.gentoo.org/viewtopic-t-495860.html

I reemerged dev-libs/openssl-0.9.7j with above patch applied and now it works
again.

I hope this just happens on my box. :-)

S.

------- Comment #13 From Wolf Giesen (RETIRED) 2006-09-06 13:02:15 0000 ------- 
No, it doesn't. I got hosed, too. Still checking the details :/

------- Comment #14 From Raphael Marichez 2006-09-07 11:35:23 0000 ------- 
> No, it doesn't. I got hosed, too. Still checking the details :/
> 


https works nicefully here (x86)


NB HPPA: we're just waiting for you before issuing the GLSA. Something wrong ?

------- Comment #15 From Wolf Giesen (RETIRED) 2006-09-07 12:12:42 0000 ------- 
Yeah, blooper with qca-tls. I needed 1.0-r3 (~x86, stable wouldn't compile).

------- Comment #16 From Gustavo Zacarias (RETIRED) 2006-09-07 12:36:21 0000 ------- 
0.9.7k hppa stable.

------- Comment #17 From Sune Kloppenborg Jeppesen 2006-09-07 21:50:15 0000 ------- 
GLSA 200609-05

------- Comment #18 From Frido Ferdinand 2006-09-11 10:32:07 0000 ------- 
Hi,

i'm getting some different answers from a lot of folks, so maybe someone here
could advise me. If i update 0.9.7i and update to 0.9.7j, would i need to
revdep-rebuild everything or are they binary compatible ?

------- Comment #19 From SpanKY 2006-09-11 11:16:38 0000 ------- 
all 0.9.6 versions are ABI compat with each other

all 0.9.7 versions are ABI compat with each other

all 0.9.8 versions are ABI compat with each other

etc...

------- Comment #20 From Sune Kloppenborg Jeppesen 2006-09-14 16:17:28 0000 ------- 
*** Bug 146421 has been marked as a duplicate of this bug. ***
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug