Summary: <dev-libs/nss-3.21-r2: Weak RSA-MD5 signature allows attack on client certificate authentication (part of SLOTH attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938)
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Whiteboard: A3 [glsa cve blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 604916
Description Hanno Böck 2016-01-06 16:00:20 UTC
A new paper by the PROSECCO/INRIA research team published at Real World Crypto uncovered various issues with weak hash functions. One of them is a client impersonation attack enabled by the fact that nss will accept RSA-MD5 signatures for client authentication. nss 3.21 fixes this. nss 3.21 is already in the tree, but not yet stabilized.

The Mozilla upstream bug report is still private: https://bugzilla.mozilla.org/show_bug.cgi?id=1158489

We should stabilize nss 3.21.
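Added example (not from this bug report or from NSS itself): the RSA-MD5 acceptance described above shows up in TLS 1.2 as a `SignatureAndHashAlgorithm` code point (hash 1 = md5, signature 1 = rsa). The code parses a CertificateRequest's `supported_signature_algorithms` list, flags MD5 entries, and applies an assumed verifier policy that refuses a CertificateVerify using an MD5 hash even if it was offered; the sample list is constructed.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1)
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
# Hashes for which signature forgery via collisions is practical; a verifier
# must refuse CertificateVerify signatures made with them (the SLOTH finding).
WEAK_HASHES = {0, 1}


def parse_sig_algs(blob):
    """Parse a uint16-length-prefixed SignatureAndHashAlgorithm list into
    (hash_code, sig_code) pairs, rejecting malformed encodings."""
    if len(blob) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("!H", blob[:2])
    body = blob[2:2 + length]
    if len(body) != length or length % 2 or length == 0:
        raise ValueError("malformed signature_algorithms list")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def describe(alg):
    h, s = alg
    return f"{SIG_NAMES.get(s, f'sig{s}')}-{HASH_NAMES.get(h, f'hash{h}')}"


def weak_offered(blob):
    """Audit a CertificateRequest list: names of entries using a weak hash."""
    return [describe(a) for a in parse_sig_algs(blob) if a[0] in WEAK_HASHES]


def accept_certificate_verify(alg, offered_blob):
    """Assumed verifier policy (not NSS's actual code): accept the client's
    CertificateVerify algorithm only if it was offered AND its hash is not
    weak. The second check is the one a SLOTH-style acceptance lacks."""
    return alg in parse_sig_algs(offered_blob) and alg[0] not in WEAK_HASHES


# Constructed sample: list offering rsa-sha256, ecdsa-sha256, rsa-sha1 and
# (weakly) rsa-md5; first two bytes are the uint16 byte length (8).
SAMPLE_SIG_ALGS = bytes.fromhex("0008" "0401" "0403" "0201" "0101")

if __name__ == "__main__":
    print("weak entries offered:", weak_offered(SAMPLE_SIG_ALGS))
    print("accept rsa-md5 CertificateVerify?",
          accept_certificate_verify((1, 1), SAMPLE_SIG_ALGS))
```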
Comment 1 Sebastian Pipping 2016-01-06 18:58:40 UTC
According to what http://www.mitls.org/pages/attacks/SLOTH#disclosure reads right now, these Gentoo packages are also affected:

net-libs/mbedtls-2.1.3
net-libs/polarssl (all versions)
dev-java/oracle-jdk-bin:1.8
dev-java/oracle-jre-bin:1.8

Should those be dedicated bug reports or should this very ticket handle them all?
Comment 2 Kristian Fiskerstrand 2016-01-07 09:27:36 UTC
(In reply to Sebastian Pipping from comment #1)
> Should those be dedicated bug reports or should this very ticket handle them all?

The cleanest by far is dedicated bug reports and blocking a tracker bug for the overall issue.
Comment 3 Ian Stakenvicius 2016-01-29 04:58:47 UTC
I got the OK from vapier that the changes he made to nss-3.21-r2 should be good to go for stabilization, let's do it: Arches, please stabilize =dev-libs/nss-3.21-r2
Comment 4 Jeroen Roovers 2016-01-30 07:52:11 UTC
Stable for HPPA.
Comment 5 Hanno Böck 2016-01-30 10:20:28 UTC
3.21 fixes another vuln (found by me actually), I'll just add the CVE to the description here.
Comment 6 Tobias Klausmann 2016-01-30 16:41:51 UTC
Stable on alpha.
Comment 7 Jeroen Roovers 2016-01-31 09:57:49 UTC
Stable for PPC64.
Comment 8 Agostino Sarubbo 2016-01-31 11:10:18 UTC
Comment 9 Agostino Sarubbo 2016-01-31 11:11:26 UTC
Comment 10 Markus Meier 2016-02-03 20:45:00 UTC
Comment 11 Aaron Bauman 2016-02-20 05:32:51 UTC
*** Bug 571518 has been marked as a duplicate of this bug. ***
Comment 12 Agostino Sarubbo 2016-03-16 12:05:15 UTC
Comment 13 Agostino Sarubbo 2016-03-19 11:37:36 UTC
Comment 14 Agostino Sarubbo 2016-03-20 12:01:38 UTC
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Comment 15 Aaron Bauman 2016-11-27 11:06:29 UTC
3.20 is still in the tree... @maintainer(s), can you please clean this?