
Bug 716788 (CVE-2020-1730)

Summary: <net-libs/libssh-0.9.4: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.libssh.org/security/advisories/CVE-2020-1730.txt
Whiteboard: B3 [glsa+ cve]
Package list:
net-libs/libssh-0.9.4
Runtime testing required: ---

Description Sam James archtester gentoo-dev Security 2020-04-09 10:23:12 UTC
From URL:
== Versions:    >= 0.8.0
==
== Summary:     A malicious client or server could crash
==              the counterpart implemented with libssh
==              AES-CTR ciphers are used and don't get
==              fully initialized. It will crash when it
==              tries to cleanup the AES-CTR ciphers when
==              closing the connection.

==========
Workaround
==========

Disable AES-CTR ciphers. If you implement a server using libssh we advise to
use a prefork model so each session runs in an own process. If you have
implemented your server this way this is not really an issue. The client will
kill its own connection.

----
https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
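
One way to apply the workaround quoted above on a host that cannot yet move to 0.9.4, as an added example that is not part of this bug report or of libssh's own code: build a cipher allowlist with the AES-CTR and DES entries from the bug summary removed, and fail closed if nothing is left. The helper names `cipher_is_affected` and `filter_cipher_list` and the sample list are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if the name matches this bug's summary line,
 * i.e. a "-ctr" suffix (libssh's CTR ciphers are AES) or contains "des". */
static int cipher_is_affected(const char *name, size_t len)
{
    if (len >= 4 && strncmp(name + len - 4, "-ctr", 4) == 0)
        return 1;
    for (size_t i = 0; i + 3 <= len; i++)
        if (strncmp(name + i, "des", 3) == 0)
            return 1;
    return 0;
}

/* Copy the comma-separated list `in` into `out`, dropping affected ciphers.
 * Returns the number kept, or -1 if `out` is too small or nothing is left
 * (an empty list must not silently fall back to the library defaults). */
int filter_cipher_list(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    int kept = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    while (*in != '\0') {
        size_t len = strcspn(in, ",");
        if (len > 0 && !cipher_is_affected(in, len)) {
            if (used + len + 2 > outsz)      /* separator + name + NUL */
                return -1;
            if (kept++)
                out[used++] = ',';
            memcpy(out + used, in, len);
            used += len;
            out[used] = '\0';
        }
        in += len + (in[len] == ',');        /* skip name and its comma */
    }
    return kept > 0 ? kept : -1;
}

int main(void)
{
    /* Constructed sample list, not read from an actual libssh build. */
    const char *sample = "chacha20-poly1305@openssh.com,aes256-ctr,"
                         "aes192-ctr,aes128-ctr,aes256-cbc,3des-cbc";
    char safe[256];
    if (filter_cipher_list(sample, safe, sizeof(safe)) < 0)
        return 1;
    puts(safe);
    return 0;
}
```

The resulting string is what a client would pass to `ssh_options_set()` for both `SSH_OPTIONS_CIPHERS_C_S` and `SSH_OPTIONS_CIPHERS_S_C`; on the server side the advisory's prefork recommendation applies as well.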
Comment 1 Sam James archtester gentoo-dev Security 2020-04-09 10:24:31 UTC
@maintainer(s), please create an appropriate ebuild for 0.9.4.
Comment 2 Larry the Git Cow gentoo-dev 2020-04-09 11:22:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55ae3aadc8805c151eca047c662e0b56828299c4

commit 55ae3aadc8805c151eca047c662e0b56828299c4
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-09 11:22:06 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-09 11:22:23 +0000

    net-libs/libssh: Security bump to version 0.9.4
    
    Bug: https://bugs.gentoo.org/716788
    Package-Manager: Portage-2.3.97, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-libs/libssh/Manifest            |   1 +
 net-libs/libssh/libssh-0.9.4.ebuild | 119 ++++++++++++++++++++++++++++++++++++
 2 files changed, 120 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2020-04-09 11:35:49 UTC
@maintainer(s), this is a relatively minor release with some other correctness fixes in there. Please advise if ready for stabilisation or call yourself.

Thanks for quick bump!
Comment 4 Andreas Sturmlechner gentoo-dev 2020-04-09 21:10:30 UTC
I guess it is fine. Arches please stabilise.
Comment 5 Mart Raudsepp gentoo-dev 2020-04-10 17:49:56 UTC
arm64 stable
Comment 6 Rolf Eike Beer 2020-04-10 18:19:56 UTC
hppa/sparc stable
Comment 7 Thomas Deutschmann gentoo-dev Security 2020-04-10 21:33:52 UTC
GLSA Vote: Yes

New GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-04-10 21:48:47 UTC
This issue was resolved and addressed in
 GLSA 202004-08 at https://security.gentoo.org/glsa/202004-08
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 9 Thomas Deutschmann gentoo-dev Security 2020-04-10 21:49:22 UTC
Re-opening for remaining architectures.
Comment 10 Agostino Sarubbo gentoo-dev 2020-04-11 15:57:58 UTC
amd64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-04-11 15:58:58 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-04-11 16:00:44 UTC
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2020-04-11 16:10:54 UTC
ppc64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-04-11 16:13:24 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 15 Larry the Git Cow gentoo-dev 2020-04-11 16:16:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c02c48f3a322d3f3da001b0eccbd11d5cde95d7b

commit c02c48f3a322d3f3da001b0eccbd11d5cde95d7b
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-11 16:16:02 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-11 16:16:14 +0000

    net-libs/libssh: Drop 0.9.3
    
    Bug: https://bugs.gentoo.org/716788
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/libssh/Manifest            |   1 -
 net-libs/libssh/libssh-0.9.3.ebuild | 119 ------------------------------------
 2 files changed, 120 deletions(-)
Comment 16 Andreas Sturmlechner gentoo-dev 2020-04-11 16:17:08 UTC
Cleanup done.
Comment 17 NATTkA bot gentoo-dev 2020-04-11 16:17:43 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 18 Andreas Sturmlechner gentoo-dev 2020-05-03 16:38:07 UTC
kde proj is done here, anyway.