Summary: | <dev-libs/openssl-1.1.1g: Segmentation fault in SSL_check_chain (CVE-2020-1967) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, jaco |
Priority: | Normal | Keywords: | CC-ARCHES |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv/20200421.txt | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
dev-libs/openssl-1.1.1g amd64 arm arm64 hppa ppc ppc64 s390 sparc x86
|
Runtime testing required: | --- |
Bug Depends on: | 719688 | ||
Bug Blocks: |
Description
Sam James
2020-04-14 13:41:46 UTC
Description: "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Reported by Bernd Edlinger." Patch: https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1 Affected: 1.1.1d - 1.1.1f @maintainer(s), please create an appropriate ebuild (1.1.1g, just released). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43795668935812c25e76cc2bca2758347b6357a6 commit 43795668935812c25e76cc2bca2758347b6357a6 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-21 14:05:53 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-21 14:10:34 +0000 dev-libs/openssl: bump to v1.1.1g Bug: https://bugs.gentoo.org/717442 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-libs/openssl/Manifest | 1 + dev-libs/openssl/openssl-1.1.1g.ebuild | 324 +++++++++++++++++++++++++++++++++ 2 files changed, 325 insertions(+) This affects TLS 1.3 only. amd64 stable sparc stable arm64 stable arm stable s390 stable x86 stable This issue was resolved and addressed in GLSA 202004-10 at https://security.gentoo.org/glsa/202004-10 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for remaining architectures. hppa stable, forgot to un-CC @ppc, ppc64: ping on both little-endian and big-endian ppc64 same test failure ../test/recipes/30-test_afalg.t .................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ppc64 stable ppc stable arches done, security please proceed. (In reply to Georgy Yakovlev from comment #15) > ppc64 stable > ppc stable > > arches done, security please proceed. Thanks. @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bce053e42181beb3ae28cc8585516202954a248 commit 9bce053e42181beb3ae28cc8585516202954a248 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-06-04 17:53:01 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-04 17:53:01 +0000 dev-libs/openssl: security cleanup Bug: https://bugs.gentoo.org/717442 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-libs/openssl/Manifest | 3 - ...sl-1.1.1d-config-Drop-linux-alpha-gcc-bwx.patch | 42 --- ...x-potential-memleaks-w-BN_to_ASN1_INTEGER.patch | 107 ------- .../openssl/files/openssl-1.1.1d-fix-zlib.patch | 52 ---- ...stitched-AES-CBC-HMAC-SHA-implementations.patch | 62 ---- dev-libs/openssl/openssl-1.1.1d-r3.ebuild | 328 --------------------- dev-libs/openssl/openssl-1.1.1f.ebuild | 324 -------------------- 7 files changed, 918 deletions(-) All done. |