Summary: | <net-libs/libssh-0.6.3 : Improper initialization of PRNG after fork() (CVE-2014-0017) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1072191 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 488696 | ||
Bug Blocks: |
Description
Agostino Sarubbo
+*libssh-0.6.3 (05 Mar 2014) + + 05 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> -libssh-0.6.0.ebuild, + +libssh-0.6.3.ebuild: + Security bump (bug #503504). Removed old. +

I've asked upstream and they said libssh-0.5.x is affected as well. We still haven't all arches catching up with libssh-0.5.x (see bug #488696):

KEYWORDS.dropped 2 net-libs/libssh/libssh-0.6.3.ebuild: ppc ppc64 s390 sparc x86-fbsd

Arches, please test and stabilise:
=net-libs/libssh-0.6.3
Target KEYWORDS="amd64 ppc ppc64 x86".

amd64 stable

x86 stable

ppc stable

ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.

(In reply to Agostino Sarubbo from comment #6)
> ppc64 stable.
>
> Maintainer(s), please cleanup.
> Security, please vote.

Sparc keywording is missing to cleanup...

Maintainers, can ~sparc be keyworded so we can drop vulnerable versions:

0.5.5 & 0.6.1

(In reply to Yury German from comment #8)
> Maintainers, can ~sparc be keyworded so we can drop vulnerable versions:
>
> 0.5.5 & 0.6.1

Ping! We still need to do this, if we are to close this bug (and security hole). Thank you!

CVE-2014-0017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0017): The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

07 Jul 2014; Jeroen Roovers <jer@gentoo.org> -libssh-0.5.5.ebuild, -libssh-0.6.1.ebuild, -files/libssh-0.5.0-no-pdf-doc.patch, -files/libssh-0.6.0-libgcrypt-1.6.0.patch: Old.

Maintainer(s), Thank you for cleanup!

GLSA Vote: Yes

YES too, request filed.

This issue was resolved and addressed in GLSA 201408-03 at http://security.gentoo.org/glsa/glsa-201408-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).
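The mechanism in the CVE-2014-0017 description above, as an added example that is not code from this bug report, libssh, or OpenSSL: a toy PRNG whose state a forked child inherits and whose output mixes in the pid, so two children only repeat each other when their pids collide, and reseeding in the child removes the repeat. The names `toy_prng`, `toy_next`, `toy_reseed` and `child_output`, the seed and the pid values are constructed for illustration; `sim_pid` stands in for `getpid()` so the collision can be forced deterministically.

```c
/* Added illustration: a toy PRNG, not OpenSSL or libssh code. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/random.h>
#include <sys/wait.h>
#include <unistd.h>

struct toy_prng { uint64_t state; };

/* splitmix64 step; pid is mixed in, so forked copies differ only if pids differ. */
static uint64_t toy_next(struct toy_prng *p, pid_t pid) {
    uint64_t z = (p->state += 0x9E3779B97F4A7C15ULL) ^ (uint64_t)pid;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Mitigation: fold fresh kernel entropy into the inherited state. */
static int toy_reseed(struct toy_prng *p) {
    uint64_t fresh;
    if (getentropy(&fresh, sizeof fresh) != 0) return -1;
    p->state ^= fresh;
    return 0;
}

/* Fork a child that inherits *p and reports its first output to the parent.
 * sim_pid (assumption) replaces getpid() so a pid collision can be forced. */
static uint64_t child_output(struct toy_prng *p, pid_t sim_pid, int reseed) {
    int fd[2];
    uint64_t out = 0;
    pid_t c;
    if (pipe(fd) != 0 || (c = fork()) < 0) abort();
    if (c == 0) {                       /* child: works on its own copy of *p */
        if (reseed && toy_reseed(p) != 0) _exit(1);
        out = toy_next(p, sim_pid);
        _exit(write(fd[1], &out, sizeof out) == (ssize_t)sizeof out ? 0 : 1);
    }
    close(fd[1]);
    if (read(fd[0], &out, sizeof out) != (ssize_t)sizeof out) abort();
    close(fd[0]);
    waitpid(c, NULL, 0);
    return out;
}

int main(void) {
    struct toy_prng p = { 0x0123456789ABCDEFULL };   /* constructed seed */
    printf("pid collision, no reseed, outputs equal: %d\n", child_output(&p, 4242, 0) == child_output(&p, 4242, 0));
    return 0;
}
```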