Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 829660 (CVE-2021-43666, CVE-2021-44732, CVE-2021-45450)

Summary: <net-libs/mbedtls-{2.16.12,2.28.0}: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: blueness
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 829713    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-19 22:15:11 UTC
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12
https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12

"Security
   * Zeroize several intermediate variables used to calculate the expected
     value when verifying a MAC or AEAD tag. This hardens the library in
     case the value leaks through a memory disclosure vulnerability. For
     example, a memory disclosure vulnerability could have allowed a
     man-in-the-middle to inject fake ciphertext into a DTLS connection.
   * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
     from the output buffer. This fixes a potential policy bypass or decryption
     oracle vulnerability if the output buffer is in memory that is shared with
     an untrusted application.
   * Fix a double-free that happened after mbedtls_ssl_set_session() or
     mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
     (out of memory). After that, calling mbedtls_ssl_session_free()
     and mbedtls_ssl_free() would cause an internal session buffer to
     be free()'d twice."

please bump to 2.16.12 and 2.28.0.
Comment 1 Anthony Basile gentoo-dev 2021-12-20 13:58:52 UTC
I just added 2.16.12, 2.28.0 and 3.1.0.  I did preliminary testing and they are ready for rapid stabilization.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 20:30:23 UTC
Thank you!
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-21 07:21:14 UTC
(In reply to John Helmert III from comment #0)
> https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12
> https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-
> advisory-2021-12
> 
> "Security
>    * Zeroize several intermediate variables used to calculate the expected
>      value when verifying a MAC or AEAD tag. This hardens the library in
>      case the value leaks through a memory disclosure vulnerability. For
>      example, a memory disclosure vulnerability could have allowed a
>      man-in-the-middle to inject fake ciphertext into a DTLS connection.
>    * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back
>      from the output buffer. This fixes a potential policy bypass or
> decryption
>      oracle vulnerability if the output buffer is in memory that is shared
> with
>      an untrusted application.

CVE-2021-45450

>    * Fix a double-free that happened after mbedtls_ssl_set_session() or
>      mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
>      (out of memory). After that, calling mbedtls_ssl_session_free()
>      and mbedtls_ssl_free() would cause an internal session buffer to
>      be free()'d twice."
> 
> please bump to 2.16.12 and 2.28.0.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-22 20:26:46 UTC
Please cleanup, thanks!
Comment 5 Anthony Basile gentoo-dev 2022-01-15 22:01:07 UTC
(In reply to John Helmert III from comment #4)
> Please cleanup, thanks!

clean up done
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-15 22:16:37 UTC
Thanks!
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-24 21:36:19 UTC
CVE-2021-43666 (https://github.com/ARMmbed/mbedtls/issues/5136):

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-22 23:47:51 UTC
GLSA request filed.
Comment 9 Larry the Git Cow gentoo-dev 2023-01-11 05:22:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f524f5fa47d9d739280d4530623a93084918da39

commit f524f5fa47d9d739280d4530623a93084918da39
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:19:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:06 +0000

    [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/730752
    Bug: https://bugs.gentoo.org/740108
    Bug: https://bugs.gentoo.org/764317
    Bug: https://bugs.gentoo.org/778254
    Bug: https://bugs.gentoo.org/801376
    Bug: https://bugs.gentoo.org/829660
    Bug: https://bugs.gentoo.org/857813
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-11 05:25:11 UTC
GLSA released, all done!