| Summary: | <dev-libs/openssl-1.0.2h-r2: Non-constant time codepath followed for certain operations in DSA implementation (CVE-2016-2178) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | base-system |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1343400 | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 585142 | ||
CVE-2016-2178 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178): The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. Fixed in openssl-1.0.2h-r2 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4bfc10ce01e37a79da48f2f8349200c7eca78ed (In reply to Patrick McLean from comment #2) > Fixed in openssl-1.0.2h-r2 > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=b4bfc10ce01e37a79da48f2f8349200c7eca78ed @base-system, shall we wait on stabilization or proceed? (In reply to Aaron Bauman from comment #3) fine to stabilize @arches, please stabilize: =dev-libs/openssl-1.0.2h-r2 amd64 stable x86 stable Stable for HPPA. Stable on alpha. Stable for PPC64. arm stable arm64 stable ppc stable sparc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Removing unstable arches. @maintainer(s), please proceed with cleanup. (In reply to Aaron Bauman from comment #16) unstable arches still stabilize core packages needed to build the system (In reply to SpanKY from comment #17) > (In reply to Aaron Bauman from comment #16) > > unstable arches still stabilize core packages needed to build the system We should consider that their stabilization efforts are done in separate bugs then. Security does not support unstable arches. Cleanup happened via https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/openssl?id=33f48e56748dc9d6c40326f7654653b6dc49dab5 This issue was resolved and addressed in GLSA 201612-16 at https://security.gentoo.org/glsa/201612-16 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. Upstream fix: https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.