Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 694162 (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)

Summary: <dev-libs/openssl-{1.0.2t,1.1.0l,1.1.1d}: multiple vulnerabilities (CVE-2019-{1547,1549,1563})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: base-system
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openssl.org/news/secadv/20190910.txt
Whiteboard: A3 [glsa+ cve]
Package list:
dev-libs/openssl-1.0.2t-r1 dev-libs/openssl-compat-1.0.2t-r1 amd64 x86
 Runtime testing required: ---
Bug Depends on: 694512    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-12 14:05:15 UTC 
CVE-2019-1547 (https://nvd.nist.gov/vuln/detail/CVE-2019-1547):
  Normally in OpenSSL EC groups always have a co-factor present and this is
  used in side channel resistant code paths. However, in some cases, it is
  possible to construct a group using explicit parameters (instead of using a
  named curve). In those cases it is possible that such a group does not have
  the cofactor present. This can occur even where all the parameters match a
  known named curve. If such a curve is used then OpenSSL falls back to
  non-side channel resistant code paths which may result in full key recovery
  during an ECDSA signature operation. In order to be vulnerable an attacker
  would have to have the ability to time the creation of a large number of
  signatures where explicit parameters with no co-factor present are in use by
  an application using libcrypto. For the avoidance of doubt libssl is not
  vulnerable because explicit parameters are never used. Fixed in OpenSSL
  1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
  1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

CVE-2019-1549 (https://nvd.nist.gov/vuln/detail/CVE-2019-1549):
  OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was
  intended to include protection in the event of a fork() system call in order
  to ensure that the parent and child processes did not share the same RNG
  state. However this protection was not being used in the default case. A
  partial mitigation for this issue is that the output from a high precision
  timer is mixed into the RNG state so the likelihood of a parent and child
  process sharing state is significantly reduced. If an application already
  calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this
  problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected
  1.1.1-1.1.1c).

CVE-2019-1563 (https://nvd.nist.gov/vuln/detail/CVE-2019-1563):
  In situations where an attacker receives automated notification of the
  success or failure of a decryption attempt an attacker, after sending a very
  large number of messages to be decrypted, can recover a CMS/PKCS7
  transported encryption key or decrypt any RSA encrypted message that was
  encrypted with the public RSA key, using a Bleichenbacher padding oracle
  attack. Applications are not affected if they use a certificate together
  with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to
  select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d
  (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k).
  Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-12 14:08:31 UTC 
@ arches,

please test and mark stable:

=dev-libs/openssl-1.0.2t
=dev-libs/openssl-compat-1.0.2t
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-12 14:08:58 UTC 
New GLSA request filed
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2019-09-13 00:01:25 UTC 
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-09-13 12:02:05 UTC 
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-09-13 12:03:48 UTC 
ppc64 stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:09:22 UTC 
amd64 stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:12:52 UTC 
amd64 stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:15:44 UTC 
amd64 stable
Comment 9 Rolf Eike Beer archtester 2019-09-13 16:10:21 UTC 
hppa/sparc stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 17:37:34 UTC 
arm stable
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2019-09-13 18:02:31 UTC 
arm64 stable
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2019-09-16 22:09:20 UTC 
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2019-09-20 12:10:11 UTC 
s390 stable.

Maintainer(s), please cleanup.
Comment 14 Matt Turner gentoo-dev 2019-09-21 00:59:57 UTC 
alpha stable
Comment 15 Larry the Git Cow gentoo-dev 2019-10-01 19:38:54 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d99ea55293be1ceee8e535de7db09265b7c85ec

commit 3d99ea55293be1ceee8e535de7db09265b7c85ec
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:38:36 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:38:36 +0000

    dev-libs/openssl: security cleanup (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/Manifest                 |  12 --
 dev-libs/openssl/openssl-1.0.2r.ebuild    | 309 -----------------------------
 dev-libs/openssl/openssl-1.0.2s-r2.ebuild | 318 ------------------------------
 dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 300 ----------------------------
 dev-libs/openssl/openssl-1.1.1c-r1.ebuild | 296 ---------------------------
 5 files changed, 1235 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c73656df4b2d217d438a6fb8a07d2894dd07e900

commit c73656df4b2d217d438a6fb8a07d2894dd07e900
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:36:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:36:03 +0000

    dev-libs/openssl: m68k/sh stable (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91192d5d750dadc3673000dc065cf42f750da35

commit b91192d5d750dadc3673000dc065cf42f750da35
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:34:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:34:22 +0000

    dev-libs/openssl-compat: security cleanup (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   8 -
 .../openssl-compat/openssl-compat-1.0.2r.ebuild    | 249 --------------------
 .../openssl-compat/openssl-compat-1.0.2s-r1.ebuild | 256 ---------------------
 3 files changed, 513 deletions(-)
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2019-11-07 19:10:19 UTC 
This issue was resolved and addressed in
 GLSA 201911-04 at https://security.gentoo.org/glsa/201911-04
by GLSA coordinator Aaron Bauman (b-man).