** Please note that this issue is confidential and no information should be disclosed until it is made public, see "Whiteboard" for a date ** CVE-2009-1415: Double free and free of invalid pointer on certain errors Miroslav Kratochvil reported that he was able to crash libgnutls when experimenting with (corrupt) DSA keys. The client crashes when verifying DSA signatures provided by the remote server when using a DSA ciphersuite. The code that crashes is also used for verifying DSA signatures in X.509 Certificates, and for verifying RSA/DSA signatures in OpenPGP keys. CVE-2009-1416: All DSA keys generated using GnuTLS 2.6.x are corrupt and useless When investigating the DSA problems reported by Miroslav Kratochvil, Simon Josefsson discovered that all DSA keys generated by GnuTLS 2.6.x are corrupt. Rather than generating a DSA key, GnuTLS will generate a RSA key and store it in a DSA structure. CVE-2009-1417: Certificate expiration not checked by gnutls-cli Romain Francoise reported that gnutls-cli does not check the activation and expiration dates of X.509 certificates. This is assumed to apply to all versions of gnutls-cli.
Upstream has planned a release for tomorrow, not sure if that will happen, so I'm adding patches as Daniel agreed to have an ebuild ready soonish. As always, no commits to CVS until the issue is public, please.
Created attachment 189700 [details, diff] CVE-2009-1415.patch
Created attachment 189702 [details, diff] CVE-2009-1416.patch
Created attachment 189704 [details, diff] CVE-2009-1417.patch
Created attachment 189707 [details, diff] fixed CVE-2009-1417.patch patch fix different hunks at different patch levels and backport it to 2.6.5
Created attachment 189720 [details] not totally completed gnutls-2.6.5-r1.ebuild was hoping to finish a testsuite. hopefully upstream will release with tests for the bugs they fixed. they aren't too bad. Just starting a revdep-rebuild now. will let you know in +6hrs how they go.
Created attachment 189787 [details] same without the src_test arch test ready.
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" CC'ing current Liaisons: alpha : armin76, klausman amd64 : keytoaster, tester hppa : jer ppc : josejx, ranger ppc64 : josejx, ranger sparc : fmccor x86 : armin76, maekke
HPPA is OK.
ppc and ppc64 good to go
net-libs/gnutls-2.6.6 has been released. http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
this is now public, please commit with the gathered keywords. arch liaisons, please keep on testing and stabling :-)
net-libs/gnutls-2.6.5-r1 added to try though I plan on adding the official upstream release 2.6.6 within the next hour the remaining arches want to wait a little.
2.6.6 added - going by the upstream Changelog. 2.6.6 is essentially same as 2.5.5 apart from the CVE fixes and a better version of the openpgp patch. Please make it stable for new archs.
Arches, please test and mark stable: =net-libs/gnutls-2.6.6 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" Already stabled : "hppa ppc ppc64" [for 2.6.5-r1] Missing keywords: "alpha amd64 arm ia64 m68k s390 sh sparc x86"
CVE-2009-1415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1415): lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. CVE-2009-1416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1416): lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. CVE-2009-1417 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1417): gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup.
I have added hppa@g.o because it would be awkward to stabilise the newer version at a later date. I guess ppc@ and ppc64@ would perhaps feel the same way.
amd64/x86 stable
There is no objection to stabilize 2.6.6, however I tried to keep pressure upon arch teams as low as possible. So ppc and ppc64, feel free to mark stable 2.6.6 as well or un-cc yourselves because 2.6.5-r1 is fine from a security perspective.
Stable for HPPA. :)
Stable on alpha.
ppc64 done
ppc done
arm/ia64/s390/sh/sparc stable
GLSA request filed.
GLSA 200905-04, thanks everyone.