Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 694162 (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563) - <dev-libs/openssl-{1.0.2t,1.1.0l,1.1.1d}: multiple vulnerabilities (CVE-2019-{1547,1549,1563})
Summary: <dev-libs/openssl-{1.0.2t,1.1.0l,1.1.1d}: multiple vulnerabilities (CVE-2019-...
Status: RESOLVED FIXED
Alias: CVE-2019-1547, CVE-2019-1549, CVE-2019-1563
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: 694512
Blocks:
  Show dependency tree
 
Reported: 2019-09-12 14:05 UTC by GLSAMaker/CVETool Bot
Modified: 2019-11-07 19:10 UTC (History)
1 user (show)

See Also:
Package list:
dev-libs/openssl-1.0.2t-r1 dev-libs/openssl-compat-1.0.2t-r1 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-12 14:05:15 UTC
CVE-2019-1547 (https://nvd.nist.gov/vuln/detail/CVE-2019-1547):
  Normally in OpenSSL EC groups always have a co-factor present and this is
  used in side channel resistant code paths. However, in some cases, it is
  possible to construct a group using explicit parameters (instead of using a
  named curve). In those cases it is possible that such a group does not have
  the cofactor present. This can occur even where all the parameters match a
  known named curve. If such a curve is used then OpenSSL falls back to
  non-side channel resistant code paths which may result in full key recovery
  during an ECDSA signature operation. In order to be vulnerable an attacker
  would have to have the ability to time the creation of a large number of
  signatures where explicit parameters with no co-factor present are in use by
  an application using libcrypto. For the avoidance of doubt libssl is not
  vulnerable because explicit parameters are never used. Fixed in OpenSSL
  1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
  1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

CVE-2019-1549 (https://nvd.nist.gov/vuln/detail/CVE-2019-1549):
  OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was
  intended to include protection in the event of a fork() system call in order
  to ensure that the parent and child processes did not share the same RNG
  state. However this protection was not being used in the default case. A
  partial mitigation for this issue is that the output from a high precision
  timer is mixed into the RNG state so the likelihood of a parent and child
  process sharing state is significantly reduced. If an application already
  calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this
  problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected
  1.1.1-1.1.1c).

CVE-2019-1563 (https://nvd.nist.gov/vuln/detail/CVE-2019-1563):
  In situations where an attacker receives automated notification of the
  success or failure of a decryption attempt an attacker, after sending a very
  large number of messages to be decrypted, can recover a CMS/PKCS7
  transported encryption key or decrypt any RSA encrypted message that was
  encrypted with the public RSA key, using a Bleichenbacher padding oracle
  attack. Applications are not affected if they use a certificate together
  with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to
  select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d
  (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k).
  Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-09-12 14:08:31 UTC
@ arches,

please test and mark stable:

=dev-libs/openssl-1.0.2t
=dev-libs/openssl-compat-1.0.2t
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-09-12 14:08:58 UTC
New GLSA request filed
Comment 3 Thomas Deutschmann gentoo-dev Security 2019-09-13 00:01:25 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-09-13 12:02:05 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-09-13 12:03:48 UTC
ppc64 stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:09:22 UTC
amd64 stable
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:12:52 UTC
amd64 stable
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 12:15:44 UTC
amd64 stable
Comment 9 Rolf Eike Beer 2019-09-13 16:10:21 UTC
hppa/sparc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 17:37:34 UTC
arm stable
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-09-13 18:02:31 UTC
arm64 stable
Comment 12 Sergei Trofimovich gentoo-dev 2019-09-16 22:09:20 UTC
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2019-09-20 12:10:11 UTC
s390 stable.

Maintainer(s), please cleanup.
Comment 14 Matt Turner gentoo-dev 2019-09-21 00:59:57 UTC
alpha stable
Comment 15 Larry the Git Cow gentoo-dev 2019-10-01 19:38:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d99ea55293be1ceee8e535de7db09265b7c85ec

commit 3d99ea55293be1ceee8e535de7db09265b7c85ec
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:38:36 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:38:36 +0000

    dev-libs/openssl: security cleanup (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/Manifest                 |  12 --
 dev-libs/openssl/openssl-1.0.2r.ebuild    | 309 -----------------------------
 dev-libs/openssl/openssl-1.0.2s-r2.ebuild | 318 ------------------------------
 dev-libs/openssl/openssl-1.1.0k-r1.ebuild | 300 ----------------------------
 dev-libs/openssl/openssl-1.1.1c-r1.ebuild | 296 ---------------------------
 5 files changed, 1235 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c73656df4b2d217d438a6fb8a07d2894dd07e900

commit c73656df4b2d217d438a6fb8a07d2894dd07e900
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:36:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:36:03 +0000

    dev-libs/openssl: m68k/sh stable (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b91192d5d750dadc3673000dc065cf42f750da35

commit b91192d5d750dadc3673000dc065cf42f750da35
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-01 19:34:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-01 19:34:22 +0000

    dev-libs/openssl-compat: security cleanup (#694162)
    
    Bug: https://bugs.gentoo.org/694162
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl-compat/Manifest                   |   8 -
 .../openssl-compat/openssl-compat-1.0.2r.ebuild    | 249 --------------------
 .../openssl-compat/openssl-compat-1.0.2s-r1.ebuild | 256 ---------------------
 3 files changed, 513 deletions(-)
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2019-11-07 19:10:19 UTC
This issue was resolved and addressed in
 GLSA 201911-04 at https://security.gentoo.org/glsa/201911-04
by GLSA coordinator Aaron Bauman (b-man).