Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 801376 - <net-libs/mbedtls-{2.16.11,2.27.0}: multiple vulnerabilities
Summary: <net-libs/mbedtls-{2.16.11,2.27.0}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa+]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-07-09 19:11 UTC by John Helmert III
Modified: 2023-01-11 05:25 UTC (History)
3 users (show)

See Also:
Package list:
net-libs/mbedtls-2.16.11 net-libs/mbedtls-2.27.0-r1
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 19:11:35 UTC
Two high severity advisories:

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-2

And these in 2.27.0 changelog:

Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
private keys and of blinding values for DHM and elliptic curves (ECP)
computations. Reported by FlorianF89 in #4245.

Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
An adversary who is capable of very precise timing measurements could
learn partial information about the leading bits of the nonce used for the
signature, allowing the recovery of the private key after observing a
large number of signature operations. This completes a partial fix in
Mbed TLS 2.20.0. 

2.16.11 has these:

It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
too small, leading to buffer overflows in ECC operations. Fail the build
in such a case.

An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) could recover an RSA private key after observing the victim
performing a single private-key operation. Found and reported by
Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.

An adversary with access to precise enough timing information (typically, a
co-located process) could recover a Curve25519 or Curve448 static ECDH key
after inputting a chosen public key and observing the victim performing the
corresponding private-key operation. Found and reported by Leila Batina,
Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:21:06 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:29:14 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:37:11 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:45:15 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:53:17 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:01:13 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:09:33 UTC Comment hidden (obsolete)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-07 17:04:32 UTC
Please proceed with stabilization when ready.
Comment 9 NATTkA bot gentoo-dev 2021-08-07 17:08:23 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-08-07 17:16:37 UTC Comment hidden (obsolete)
Comment 11 Anthony Basile gentoo-dev 2021-08-08 19:56:33 UTC
2.16.11 and 2.27.0-r1 are ready.
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-19 01:07:32 UTC
x86 done
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-20 23:50:35 UTC
arm done
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-23 00:38:12 UTC
amd64 done
Comment 15 ernsteiswuerfel archtester 2021-08-23 22:31:46 UTC
Looking good on ppc.

mbedtls-2.27.0-r1 fails tests like on amd64 (bug #807154).

 # cat mbedtls-801376.report 
USE tests started on Mo 23. Aug 19:48:17 CEST 2021

FEATURES=' test' USE='' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs -static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs -static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs -static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege -programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc havege programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc -havege -programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc -havege programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege -programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11

 FEATURES=' test' failed for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege -programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege -programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege -programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc -havege programs -static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege programs -static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc -havege -programs static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege -programs static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege programs static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege programs -static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc -havege -programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege -programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1

revdep tests started on Mo 23. Aug 21:29:07 CEST 2021

FEATURES=' test' USE='mbedtls ssl' succeeded for net-proxy/privoxy
FEATURES=' test' USE='-openssl mbedtls' succeeded for net-vpn/openvpn
FEATURES=' test' USE='mbedtls ssl' succeeded for net-libs/libwebsockets
FEATURES=' test' USE='-gcrypt mbedtls' succeeded for net-libs/libssh2
FEATURES=' test' USE='mbedtls ssl' succeeded for net-misc/curl
FEATURES=' test' USE='-gnutls mbedtls ssl tools' succeeded for dev-libs/libzip
FEATURES=' test' USE='mbedtls' succeeded for www-servers/lighttpd
FEATURES=' test' USE='mbedtls' succeeded for dev-libs/libevent
FEATURES=' test' USE='ssl' succeeded for www-client/dillo
FEATURES=' test' USE='mbedtls' succeeded for net-libs/libssh
FEATURES=' test' USE='mbedtls ssl' succeeded for net-misc/curl
FEATURES=' test' USE='mbedtls' succeeded for dev-libs/libevent
FEATURES=' test' USE='mbedtls ssl' succeeded for net-proxy/privoxy
FEATURES=' test' USE='mbedtls ssl' succeeded for net-libs/libwebsockets
FEATURES=' test' USE='mbedtls' succeeded for net-p2p/transmission
FEATURES=' test' USE='mbedtls' succeeded for www-servers/lighttpd
FEATURES=' test' USE='ssl' succeeded for www-client/dillo
FEATURES=' test' USE='-gcrypt mbedtls' succeeded for net-libs/libssh2
FEATURES=' test' USE='-openssl mbedtls' succeeded for net-vpn/openvpn
FEATURES=' test' USE='-gnutls mbedtls ssl tools' succeeded for dev-libs/libzip
Comment 16 ernsteiswuerfel archtester 2021-08-27 17:41:09 UTC
Looking good on ppc64.

 # cat mbedtls-801376.report 
USE tests started on Fr 27. Aug 15:35:08 CEST 2021

FEATURES=' test' USE='' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs -static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc -havege programs static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc -havege programs -static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege -programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc -havege programs static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc -havege programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc havege -programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='doc havege -programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11
USE='-doc havege programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.16.11

 FEATURES=' test' failed for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege -programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege -programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc -havege programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc -havege programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege programs -static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege -programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc -havege programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege programs static-libs -threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc -havege -programs static-libs threads -zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc havege -programs -static-libs -threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='-doc -havege -programs -static-libs threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1
USE='doc havege programs static-libs threads zlib' succeeded for =net-libs/mbedtls-2.27.0-r1

revdep tests started on Fr 27. Aug 17:48:01 CEST 2021

FEATURES=' test' USE='mbedtls ssl' succeeded for net-proxy/privoxy
FEATURES=' test' USE='mbedtls' succeeded for net-p2p/transmission
FEATURES=' test' USE='-gnutls mbedtls ssl tools' succeeded for dev-libs/libzip
FEATURES=' test' USE='-openssl mbedtls' succeeded for net-vpn/openvpn
FEATURES=' test' USE='ssl' succeeded for www-client/dillo
FEATURES=' test' USE='mbedtls' succeeded for net-libs/libssh
FEATURES=' test' USE='-gcrypt mbedtls' succeeded for net-libs/libssh2
FEATURES=' test' USE='mbedtls ssl' succeeded for net-misc/curl
FEATURES=' test' USE='mbedtls' succeeded for dev-libs/libevent
FEATURES=' test' USE='mbedtls' succeeded for www-servers/lighttpd
FEATURES=' test' USE='mbedtls ssl' succeeded for net-misc/curl
FEATURES=' test' USE='-openssl mbedtls' succeeded for net-vpn/openvpn
FEATURES=' test' USE='mbedtls' succeeded for dev-libs/libevent
FEATURES=' test' USE='mbedtls' succeeded for app-crypt/tpm2-tss
FEATURES=' test' USE='-gnutls mbedtls ssl tools' succeeded for dev-libs/libzip
FEATURES=' test' USE='mbedtls' succeeded for net-libs/libssh
FEATURES=' test' USE='ssl' succeeded for www-client/dillo
FEATURES=' test' USE='mbedtls' succeeded for www-servers/lighttpd
FEATURES=' test' USE='mbedtls ssl' succeeded for net-proxy/privoxy
FEATURES=' test' USE='-gcrypt mbedtls' succeeded for net-libs/libssh2
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-27 20:06:22 UTC
ppc64 done
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-27 20:07:44 UTC
ppc done
Comment 19 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-27 20:07:59 UTC
(In reply to ernsteiswuerfel from comment #16)
> Looking good on ppc64.
> 

Thank you for both!
Comment 20 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-09-04 21:35:46 UTC
arm64 done
Comment 21 NATTkA bot gentoo-dev 2021-09-19 07:16:34 UTC Comment hidden (obsolete)
Comment 22 NATTkA bot gentoo-dev 2021-09-19 13:36:40 UTC Comment hidden (obsolete)
Comment 23 NATTkA bot gentoo-dev 2021-09-20 10:32:36 UTC Comment hidden (obsolete)
Comment 24 Agostino Sarubbo gentoo-dev 2021-10-16 07:22:32 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 25 Larry the Git Cow gentoo-dev 2021-10-19 19:39:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cbba573f8561a68fc5ffd554ae72526efa14fd7

commit 1cbba573f8561a68fc5ffd554ae72526efa14fd7
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2021-10-19 19:29:22 +0000
Commit:     Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2021-10-19 19:39:34 +0000

    net-libs/mbedtls: Security cleanup
    
    Bug: https://bugs.gentoo.org/801376
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
    Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

 net-libs/mbedtls/Manifest               |   2 -
 net-libs/mbedtls/mbedtls-2.16.10.ebuild | 100 -------------------------------
 net-libs/mbedtls/mbedtls-2.26.0.ebuild  | 101 --------------------------------
 3 files changed, 203 deletions(-)
Comment 26 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-19 19:44:29 UTC
Thank you!
Comment 27 NATTkA bot gentoo-dev 2021-12-28 15:04:41 UTC
Unable to check for sanity:

> no match for package: net-libs/mbedtls-2.16.11
Comment 28 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-22 23:47:42 UTC
GLSA request filed. Still need CVEs, I guess.
Comment 29 Larry the Git Cow gentoo-dev 2023-01-11 05:22:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f524f5fa47d9d739280d4530623a93084918da39

commit f524f5fa47d9d739280d4530623a93084918da39
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:19:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:06 +0000

    [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/730752
    Bug: https://bugs.gentoo.org/740108
    Bug: https://bugs.gentoo.org/764317
    Bug: https://bugs.gentoo.org/778254
    Bug: https://bugs.gentoo.org/801376
    Bug: https://bugs.gentoo.org/829660
    Bug: https://bugs.gentoo.org/857813
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
Comment 30 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-11 05:25:06 UTC
GLSA released, all done!