Bug 697046 (CVE-2019-16905)

Summary:	<net-misc/openssh-8.0_p1-r4: an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type (CVE-2019-16905)
Product:	Gentoo Security	Reporter:	Jeroen Roovers (RETIRED) <jer>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	base-system, robbat2
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.openssh.com/txt/release-8.1
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=675522
Whiteboard:	B2 [glsa+ cve]
Package list:		Runtime testing required:	---

Description Jeroen Roovers (RETIRED) gentoo-dev

2019-10-09 07:10:27 UTC

OpenSSH 8.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Security
========

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer
   overflow bug was found in the private key parsing code for the XMSS
   key type. This key type is still experimental and support for it is
   not compiled by default. No user-facing autoconf option exists in
   portable OpenSSH to enable it. This bug was found by Adam Zabrocki
   and reported via SecuriTeam's SSD program.

 * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
   rest in RAM against speculation and memory side-channel attacks like
   Spectre, Meltdown and Rambleed. This release encrypts private keys
   when they are not in use with a symmetric key that is derived from a
   relatively large "prekey" consisting of random data (currently 16KB).

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-09 13:13:26 UTC

Gentoo allows usage of XMSS key type since commit fe902146e84a9b2beb8c1748d7735e5b38928e75 via USE flag "xmss" which is disabled by default.

Comment 2 Larry the Git Cow gentoo-dev

2019-10-09 16:18:10 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0148cb4b99350b09cc7eaa229ad42d4b6009d0e9

commit 0148cb4b99350b09cc7eaa229ad42d4b6009d0e9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-09 16:17:12 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-09 16:17:29 +0000

    net-misc/openssh: fix integer overflows
    
    - Fix integer overflow in XMSS private key parsing
    - Fix an unreachable integer overflow similar to the XMSS case
    - Fix putty tests
    
    Closes: https://bugs.gentoo.org/493866
    Bug: https://bugs.gentoo.org/697046
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                          |   1 +
 ...integer-overflow-similar-to-the-XMSS-case.patch |  76 ++++
 ...eger-overflow-in-XMSS-private-key-parsing.patch |  14 +
 .../files/openssh-8.0_p1-fix-putty-tests.patch     |  57 +++
 net-misc/openssh/openssh-8.0_p1-r4.ebuild          | 467 +++++++++++++++++++++
 5 files changed, 615 insertions(+)

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-09 16:19:03 UTC

We will move stable keywords shortly.

Comment 4 Larry the Git Cow gentoo-dev

2019-10-09 20:39:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c16aa18318891f1224dba19390ae85e22bde6f0

commit 4c16aa18318891f1224dba19390ae85e22bde6f0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-09 20:39:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-09 20:39:43 +0000

    net-misc/openssh: security cleanup
    
    Bug: https://bugs.gentoo.org/697046
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                 |   1 -
 net-misc/openssh/openssh-8.0_p1-r3.ebuild | 463 ------------------------------
 2 files changed, 464 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a48f47227819cfb092a2579f6c4ba50a5dedcf

commit 16a48f47227819cfb092a2579f6c4ba50a5dedcf
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-09 20:38:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-09 20:39:42 +0000

    net-misc/openssh: move stable keywords
    
    Bug: https://bugs.gentoo.org/697046
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/openssh-8.0_p1-r4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-26 14:41:53 UTC

New GLSA request filed.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2019-11-07 19:03:23 UTC

This issue was resolved and addressed in
 GLSA 201911-01 at https://security.gentoo.org/glsa/201911-01
by GLSA coordinator Aaron Bauman (b-man).

Comment 7 Aaron Bauman (RETIRED) gentoo-dev

2019-11-07 19:03:57 UTC

re-opened for cleanup

Comment 8 Larry the Git Cow gentoo-dev

2020-04-21 11:29:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=564f650e05897641af79a977599733c16dab7883

commit 564f650e05897641af79a977599733c16dab7883
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-21 11:29:28 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-21 11:29:49 +0000

    net-misc/openssh: security cleanup
    
    Bug: https://bugs.gentoo.org/675522
    Bug: https://bugs.gentoo.org/697046
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                          |  19 -
 .../files/openssh-7.3-mips-seccomp-n32.patch       |  21 -
 .../files/openssh-7.5_p1-CVE-2017-15906.patch      |  31 --
 .../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch  | 351 ----------------
 .../openssh/files/openssh-7.5_p1-cross-cache.patch |  39 --
 .../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch  |  67 ---
 .../files/openssh-7.5_p1-s390-seccomp.patch        |  27 --
 .../openssh/files/openssh-7.5_p1-x32-typo.patch    |  25 --
 .../openssh/files/openssh-7.7_p1-GSSAPI-dns.patch  | 351 ----------------
 .../openssh/files/openssh-7.8_p1-GSSAPI-dns.patch  | 359 ----------------
 .../files/openssh-7.9_p1-CVE-2018-20685.patch      |  16 -
 .../files/openssh-7.9_p1-X509-11.6-tests.patch     |  12 -
 ...openssh-7.9_p1-X509-dont-make-piddir-11.6.patch |  16 -
 .../files/openssh-7.9_p1-X509-glue-11.6.patch      |  28 --
 .../files/openssh-7.9_p1-hpn-X509-glue.patch       |  79 ----
 .../openssh/files/openssh-7.9_p1-hpn-glue.patch    | 112 -----
 .../files/openssh-7.9_p1-hpn-openssl-1.1.patch     |  91 ----
 .../files/openssh-7.9_p1-hpn-sctp-glue.patch       |  17 -
 .../openssh-7.9_p1-openssl-1.0.2-compat.patch      |  13 -
 .../openssh/files/openssh-8.0_p1-GSSAPI-dns.patch  | 359 ----------------
 .../files/openssh-8.0_p1-X509-12.1-tests.patch     |  11 -
 ...integer-overflow-similar-to-the-XMSS-case.patch |  76 ----
 ...eger-overflow-in-XMSS-private-key-parsing.patch |  14 -
 .../files/openssh-8.0_p1-hpn-X509-glue.patch       | 114 -----
 .../openssh/files/openssh-8.0_p1-hpn-glue.patch    | 194 ---------
 net-misc/openssh/files/openssh-8.0_p1-tests.patch  |  43 --
 net-misc/openssh/metadata.xml                      |   2 -
 net-misc/openssh/openssh-7.5_p1-r5.ebuild          | 335 ---------------
 net-misc/openssh/openssh-7.7_p1-r10.ebuild         | 445 --------------------
 net-misc/openssh/openssh-7.9_p1-r5.ebuild          | 468 ---------------------
 net-misc/openssh/openssh-8.0_p1-r5.ebuild          | 465 --------------------
 31 files changed, 4200 deletions(-)

Comment 9 Sam James archtester

2020-05-18 18:07:49 UTC

All done.