| Summary: | <net-misc/stunnel-4.56-r1: OpenSSL and CONNECT Protocol Negotiation NTLM Authentication Vulnerabilities (CVE-2012-2686,CVE-2013-{0166,0169,1762}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | blueness, dschridde+gentoobugs, ramereth |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/52460/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 476674 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-03-04 14:36:36 UTC
CVE-2013-0169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169): The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

CVE-2013-0166 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0166): OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

CVE-2012-2686 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2686): crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

CVE-2013-1762 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1762): stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow.

I think this is fixed in 4.55.

(In reply to comment #3)
> I think this is fixed in 4.55.

P.S: 4.56 fixes a regression introduced in 4.55 and the website changed to stunnel.org.

I just took maintainership and landed stunnel-4.56 with a fix for bug #451014 which was still outstanding.

Please test and I'll shoot for rapid stabilization in a few days. We have to get the older versions off the tree.

(In reply to Anthony Basile from comment #5)
> I just took maintainership and landed stunnel-4.56 with a fix for bug
> #451014 which was still outstanding.
>
> Please test and I'll shoot for rapid stabilization in a few days. We have
> to get the older versions off the tree.

It has been more than a few days:

KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sparc x86"

(In reply to Anthony Basile from comment #6)
> (In reply to Anthony Basile from comment #5)
> > I just took maintainership and landed stunnel-4.56 with a fix for bug
> > #451014 which was still outstanding.
> >
> > Please test and I'll shoot for rapid stabilization in a few days. We have
> > to get the older versions off the tree.
>
> It has been more than a few days:
>
> KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sparc x86"

Please don't make everyone read a couple of comments and combine what they think might be what you're hinting at with elements from the Summary to come up with their own concatenation of what should be the atom you're looking for. Just put it on a single line and in the Summary:

Arch teams, please test and mark stable:
=net-misc/stunnel-4.56
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sparc x86

Arch teams, bug #476674 blocking this has been fixed. Please proceed with testing and stabilization of
=net-misc/stunnel-4.56-r1
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sparc x86

Stable for HPPA.

amd64 stable

x86 stable

ppc stable

ppc64 stable

alpha stable

arm stable

ia64 stable

sparc stable

stunnel-3.26 shouldn't be affected by this. The mentioned features don't exist in that version.

s390 stable

GLSA request filed.

This issue was resolved and addressed in GLSA 201402-08 at http://security.gentoo.org/glsa/glsa-201402-08.xml by GLSA coordinator Mikle Kolyada (Zlogene).