Bug 778254

Summary: <net-libs/mbedtls-{2.16.10,2.26.0}: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: blueness
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-25 21:07:41 UTC
From URL:

    Fix a security reduction in CTR_DRBG when the initial seeding obtained a
    nonce from entropy. Applications were affected if they called
    mbedtls_ctr_drbg_set_nonce_len(), if they called
    mbedtls_ctr_drbg_set_entropy_len() with a size that was 3/2 times the key
    length, or when the entropy module uses SHA-256 and CTR_DRBG uses AES-256.
    In such cases, a random nonce was necessary to achieve the advertised
    security strength, but the code incorrectly used a constant instead of
    entropy from the nonce.
    Found by John Stroebel in #3819 and fixed in #3973.

    Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
    |A| - |B| where |B| is larger than |A| and has more limbs (so the
    function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
    applications calling mbedtls_mpi_sub_abs() directly are affected:
    all calls inside the library were safe since this function is
    only called with |A| >= |B|. Reported by Guido Vranken in #4042.

    Fix an erroneous estimation for an internal buffer in
    mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
    value the function might fail to write private RSA keys of the largest
    supported size.
    Found by Daniel Otte, reported in #4093 and fixed in #4094.

    Fix a stack buffer overflow with mbedtls_net_poll() and
    mbedtls_net_recv_timeout() when given a file descriptor that is
    beyond FD_SETSIZE. Reported by FigBug in #4169.

    Guard against strong local side channel attack against base64 tables by
    making access to them use constant flow code.


Please stabilize 2.26.0.
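
Added example, not part of the original report and not Mbed TLS code: the bug class behind the mbedtls_net_poll() / mbedtls_net_recv_timeout() item above, shown as a select() wrapper that rejects descriptors at or beyond FD_SETSIZE before the fd_set is touched. The names poll_readable, pipe_probe and the POLL_ERR_* codes are hypothetical.

```c
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical return codes for this example, not Mbed TLS constants. */
#define POLL_ERR_BAD_FD (-1)
#define POLL_ERR_SELECT (-2)

/* Wait up to timeout_ms for fd to become readable.
 * Returns 1 if readable, 0 on timeout, negative on error. */
int poll_readable(int fd, unsigned timeout_ms)
{
    fd_set read_fds;
    struct timeval tv;
    int ret;

    /* fd_set is a fixed bitmap of FD_SETSIZE bits. FD_SET() with a larger
     * descriptor writes outside it, and read_fds lives on the stack, so
     * the range check must come before any FD_* macro touches the set. */
    if (fd < 0 || fd >= FD_SETSIZE)
        return POLL_ERR_BAD_FD;

    FD_ZERO(&read_fds);
    FD_SET(fd, &read_fds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    ret = select(fd + 1, &read_fds, NULL, NULL, &tv);
    if (ret < 0)
        return POLL_ERR_SELECT;
    return (ret > 0 && FD_ISSET(fd, &read_fds)) ? 1 : 0;
}

/* Constructed check: poll the read end of a fresh pipe, optionally after
 * writing one byte to it, and return what poll_readable() reported. */
int pipe_probe(int write_first)
{
    int p[2], ret;

    if (pipe(p) != 0)
        return POLL_ERR_SELECT;
    if (write_first && write(p[1], "x", 1) != 1)
        ret = POLL_ERR_SELECT;
    else
        ret = poll_readable(p[0], 50);
    close(p[0]);
    close(p[1]);
    return ret;
}
```

A process that can hold more than FD_SETSIZE open descriptors will hit the rejection path; poll() has no such per-descriptor limit.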
Comment 1 Anthony Basile gentoo-dev 2021-03-27 21:47:58 UTC
It's ready: KEYWORDS="amd64 arm arm64  ppc ppc64 x86"
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 07:10:01 UTC
arm64 done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 07:13:39 UTC
x86 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 11:03:19 UTC
arm done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 13:53:17 UTC
ppc64 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 14:14:18 UTC
ppc done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 18:24:19 UTC
amd64 done

all arches done
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 18:30:05 UTC
Please cleanup.
Comment 9 Anthony Basile gentoo-dev 2021-04-06 13:27:15 UTC
(In reply to John Helmert III from comment #8)
> Please cleanup.

done
Comment 10 Larry the Git Cow gentoo-dev 2021-04-06 15:11:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6dc616c9f12063cec31a32c56b5068f4542b00c

commit d6dc616c9f12063cec31a32c56b5068f4542b00c
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-04-06 14:52:04 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-04-06 15:09:44 +0000

    net-libs/mbedtls: drop 2.24.0 (security)
    
    Bug: https://bugs.gentoo.org/778254
    Acked-By: Anthony Basile <blueness@gentoo.org>
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-libs/mbedtls/Manifest              |  1 -
 net-libs/mbedtls/mbedtls-2.24.0.ebuild | 95 ----------------------------------
 2 files changed, 96 deletions(-)
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-30 14:23:00 UTC
Added to existing request
Comment 17 NATTkA bot gentoo-dev 2021-07-29 18:12:14 UTC
Package list is empty or all packages have requested keywords.
Comment 18 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-22 23:47:31 UTC
GLSA request filed. Still need CVEs, I guess.
Comment 19 Larry the Git Cow gentoo-dev 2023-01-11 05:22:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f524f5fa47d9d739280d4530623a93084918da39

commit f524f5fa47d9d739280d4530623a93084918da39
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:19:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:06 +0000

    [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/730752
    Bug: https://bugs.gentoo.org/740108
    Bug: https://bugs.gentoo.org/764317
    Bug: https://bugs.gentoo.org/778254
    Bug: https://bugs.gentoo.org/801376
    Bug: https://bugs.gentoo.org/829660
    Bug: https://bugs.gentoo.org/857813
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
Comment 20 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-11 05:25:00 UTC
GLSA released, all done!