Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 108046 - dev-libs/openssl CAN-2005-2969 (Vendor-sec)
Summary: dev-libs/openssl CAN-2005-2969 (Vendor-sec)
Status: RESOLVED DUPLICATE of bug 108852
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3? [preglsa] CLASSIFIED 20051011 12...
Depends on:
Reported: 2005-10-04 02:55 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-05-31 10:54 UTC (History)
8 users (show)

See Also:
Package list:
Runtime testing required: ---

patch-0.9.7 (patch-0.9.7,3.46 KB, patch)
2005-10-04 09:30 UTC, Sune Kloppenborg Jeppesen (RETIRED)
no flags Details | Diff
patch-0.9.8 (patch-0.9.8,4.07 KB, patch)
2005-10-04 09:31 UTC, Sune Kloppenborg Jeppesen (RETIRED)
no flags Details | Diff
openssl-0.9.8-CAN-2005-2969.patch (openssl-0.9.8-CAN-2005-2969.patch,4.07 KB, patch)
2005-10-06 13:18 UTC, Martin Schlemmer (RETIRED)
no flags Details | Diff
openssl-0.9.8-r1.ebuild (openssl-0.9.8-r1.ebuild,5.27 KB, text/plain)
2005-10-06 13:18 UTC, Martin Schlemmer (RETIRED)
no flags Details
openssl-0.9.7-CAN.tar.bz2 (openssl-0.9.7-CAN.tar.bz2,5.66 KB, application/octet-stream)
2005-10-10 08:51 UTC, SpanKY
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-04 02:55:34 UTC
Upcoming OpenSSL issue public on October 11th 1200UTC.  NISCC should be  
contacting you with details today (prod if you don't  
hear from them).  Affects all OS and architectures, all OpenSSL versions.  
Has a simple patch easy to backport to any old OpenSSL version. 
However I'd rate this as a low or moderate severity issue, so no need to  
overly panic. 
Thanks, Mark 
Mark J Cox / Red Hat Security Response Team
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-04 09:30:17 UTC
### DRAFT ### 
OpenSSL Security Advisory [11 October 2005] 
CAN-2005-2969: Potential SSL 2.0 Rollback 
  - Vulnerability 
  - Recommendations 
  - Acknowledgement 
  - References 
A vulnerability has been found in all previously released versions of OpenSSL 
(all versions up to 0.9.7g, and version 0.9.8). 
Versions 0.9.7h and 0.9.8a are being released to address the issue. 
The vulnerability potentially affects applications that use the SSL/TLS server 
implementation provided by OpenSSL. 
Such applications are affected if they use the option 
SSL_OP_MSIE_SSLV2_RSA_PADDING.  This option is implied by use of SSL_OP_ALL, 
which is intended to work around various bugs in third-party software that 
might prevent interoperability.  The SSL_OP_MSIE_SSLV2_RSA_PADDING option 
disables a verification step in the SSL 2.0 server supposed to prevent active 
protocol-version rollback attacks.  With this verification step disabled, an 
attacker acting as a "man in the middle" can force a client and a server to 
negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or 
TLS 1.0.  The SSL 2.0 protocol is known to have severe cryptographic 
weaknesses and is supported as a fallback only. 
Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor SSL_OP_ALL are 
not affected.  Also, applications that disable use of SSL 2.0 are not 
There are multiple ways to avoid this vulnerability.  Any one of the following 
measures is sufficient. 
1.  Disable SSL 2.0 in the OpenSSL-based application. 
     The vulnerability occurs only if the old protocol version SSL 2.0 
     is enabled both in an OpenSSL server and in any of the clients 
     (OpenSSL-based or not) connecting to it.  Thus, if you have 
     disabled SSL 2.0, the vulnerability does not apply to you. 
     Generally, it is strongly recommended to disable the SSL 2.0 
     protocol because of its known problems. 
2.  Upgrade the OpenSSL server software. 
     The vulnerability is resolved in the following versions of OpenSSL: 
      - in the 0.9.7 branch, version 0.9.7h (or later); 
      - in the 0.9.8 branch, version 0.9.8a (or later). 
     [note we resolved this by simply by removing the functionality 
     of this deprecated flag] 
We thank Yutaka Oiwa of the Research Center for Information Security, National 
Institute of Advanced Industrial Science and Technology (AIST), Japan, for 
alerting us about this problem. 
The Common Vulnerabilities and Exposures project ( has assigned 
the name CAN-2005-2969 for this issue: 
URL for this Security Advisory: 
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-04 09:30:59 UTC
Created attachment 69860 [details, diff]
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-04 09:31:35 UTC
Created attachment 69861 [details, diff]
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 12:16:45 UTC
Martin please advise and attach an updated ebuild for arch testing if 
Do NOT commit anything to Portage.   
Comment 5 Martin Schlemmer (RETIRED) gentoo-dev 2005-10-06 12:25:08 UTC
Hmm, may only be done after a certain date or what ?
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 12:51:14 UTC
You can attach an updated ebuild to this bug, but do not commit anything to 
Portage before we say go. 
Comment 7 Martin Schlemmer (RETIRED) gentoo-dev 2005-10-06 13:18:01 UTC
Created attachment 70011 [details, diff]

Patch needs to be slightly adjusted.
Comment 8 Martin Schlemmer (RETIRED) gentoo-dev 2005-10-06 13:18:43 UTC
Created attachment 70012 [details]

Ebuild for 0.9.8.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 13:31:56 UTC
Thx Martin. 
Arch security liaisons please test and report back on this bug. 
alpha  kloeri 
amd64  blubb 
hppa  hansmi 
ppc  hansmi 
ppc64  corsair 
sparc  gustavoz 
x86  tester 
Comment 10 Martin Schlemmer (RETIRED) gentoo-dev 2005-10-06 14:02:14 UTC
We probably want the 0.9.7 one to go stable .. ill look into it if Mike have not
.. heading to bed now though.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 14:08:14 UTC
Back to preebuild unccing arch security liaisons. 
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 14:10:39 UTC
And now witn unccing:-) Sorry for the spam. 
Comment 13 SpanKY gentoo-dev 2005-10-06 16:38:12 UTC
we'll actually need to fix both 0.9.7e and 0.9.7g
Comment 14 SpanKY gentoo-dev 2005-10-10 08:51:21 UTC
Created attachment 70297 [details]

updated 0.9.7 ebuilds
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-10-10 08:59:59 UTC
Ccing arch sec liaisons, please test and tell us which can be committed as
stable on your arch.

alpha  kloeri 
amd64  blubb MetalGOD
hppa  hansmi 
ppc  hansmi 
ppc64  corsair rangerpb
sparc  gustavoz 
x86  tester 
Comment 16 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-10 11:21:49 UTC
0.9.7g-r1 looks good for sparc.
Comment 17 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-10 12:47:00 UTC
hppa and ppc is fine
Comment 18 Brent Baude (RETIRED) gentoo-dev 2005-10-10 13:22:39 UTC
0.9.7g-r1 looks good for ppc64
Comment 19 Bryan Østergaard (RETIRED) gentoo-dev 2005-10-10 13:44:19 UTC
Alpha is happy with 0.9.7g-r1.
Comment 20 Luis Medinas (RETIRED) gentoo-dev 2005-10-10 14:06:10 UTC
0.9.7g-r1 is fine for amd64
Comment 21 Olivier Crete (RETIRED) gentoo-dev 2005-10-10 16:07:40 UTC
looks fine on x86
Comment 22 Thierry Carrez (RETIRED) gentoo-dev 2005-10-11 00:49:14 UTC
OK ready for commit later that day...
Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-10-11 05:08:50 UTC
Now public @ bug 108852

*** This bug has been marked as a duplicate of 108852 ***