Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 223429 (CVE-2008-0891) - dev-libs/openssl >=0.9.8f <0.9.8g-r2 Denial of Service vulnerabilities (CVE-2008-0891, CVE-2008-1672)
Summary: dev-libs/openssl >=0.9.8f <0.9.8g-r2 Denial of Service vulnerabilities (CVE-2...
Alias: CVE-2008-0891
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on:
Reported: 2008-05-24 12:42 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-09 06:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

openssl-0.9.8g-CVE-2008-0891.patch (openssl-0.9.8g-CVE-2008-0891.patch,1.21 KB, patch)
2008-05-26 11:13 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff
openssl-0.9.8g-CVE-2008-1672.patch (openssl-0.9.8g-CVE-2008-1672.patch,1.52 KB, patch)
2008-05-26 11:13 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-24 12:42:25 UTC
Mark J Cox gave us a heads-up on an OpenSSL flaw possibly resulting in a Denial of Service.

Details will be disclosed to us on Monday, and are not to be publicised until Wednesday.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-26 11:09:31 UTC
OpenSSL Server Name extension crash

Testing using the Codenomicon TLS test suite discovered a flaw in the
handling of server name extension data in OpenSSL 0.9.8f and OpenSSL
0.9.8g.  If OpenSSL has been compiled using the non-default TLS server
name extensions, a remote attacker could send a carefully crafted
packet to a server application using OpenSSL and cause a crash.

Please note this issue does not affect any other released versions of
OpenSSL, and does not affect versions compiled without TLS server name


OpenSSL Omit Server Key Exchange message crash

Testing using the Codenomicon TLS test suite discovered a flaw if the
'Server Key exchange message' is omitted from a TLS handshake in
OpenSSL 0.9.8f and OpenSSL 0.9.8g.  If a client connects to a
malicious server with particular cipher suites, the server could cause
the client to crash.  (CVE-2008-1672).
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-26 11:11:17 UTC
vapier, do we support these "non-default TLS server name extensions"?

I'll attach upstream patches, please prepare ebuilds and we can do prestable testing on this bug. Do not commit anything to CVS yet.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-05-26 11:13:04 UTC
Created attachment 154341 [details, diff]
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-05-26 11:13:20 UTC
Created attachment 154343 [details, diff]
Comment 5 Doug Goldstein (RETIRED) gentoo-dev 2008-05-26 14:42:16 UTC
(In reply to comment #2)
> vapier, do we support these "non-default TLS server name extensions"?
> I'll attach upstream patches, please prepare ebuilds and we can do prestable
> testing on this bug. Do not commit anything to CVS yet.

Yes we do in 0.9.8g and 0.9.8g-r1
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-05-26 22:26:40 UTC
(In reply to comment #5)
> Yes we do in 0.9.8g and 0.9.8g-r1

Thanks for the info. Since the embargo is off in ~36 hours, let me know if you intend to do prestable testing (preferred by security), or want to bump to the release directly in the tree. In case of the former, attach ebuild incorporating the patches to this bug.
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2008-05-28 11:29:17 UTC
This is now public via

0.9.8h has been released to adress the issue, please bump the ebuild.
Comment 8 Doug Goldstein (RETIRED) gentoo-dev 2008-05-29 15:15:14 UTC
Well to further complicate this, I'm having several SSL services that are no longer accessible from a client using openssl 0.9.8h while they're accessible from all versions below 0.9.8h. I don't know if this relates to tlsext but infra will be interested since one of my affected services is LDAP.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-05-30 05:13:15 UTC
Doug, do you experience the same issues using 0.9.8g + the patches on the bug?
Comment 10 SpanKY gentoo-dev 2008-05-30 21:07:08 UTC
even though we have 0.9.8h, it's way too new to consider for stable ... we should apply the patches to 0.9.8g

if Doug could get back to us quickly, that'd be good ...
Comment 11 Doug Goldstein (RETIRED) gentoo-dev 2008-05-30 21:15:04 UTC
yeah yeah. Gimme a minute. I had a busy day today.
Comment 12 Doug Goldstein (RETIRED) gentoo-dev 2008-05-30 21:28:34 UTC
Alright. We look golden. My issue is obviously something in 0.9.8h not related to the security fixes. I'll just make a new bug on that to figure it out. Who knows, maybe upstream is already aware.

Anyway, I had to strip out the diff for CHANGES to get the patches to apply. But I added them to openssl-0.9.8g-r2 to the tree.
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2008-05-31 08:02:40 UTC
Thanks for bumping!

Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Comment 14 Christian Faulhammer (RETIRED) gentoo-dev 2008-05-31 13:37:35 UTC
x86 stable
Comment 15 Markus Rothe (RETIRED) gentoo-dev 2008-05-31 19:59:27 UTC
ppc64 stable
Comment 16 Jonas Pedersen 2008-05-31 21:27:31 UTC
dev-libs/openssl-0.9.8g-r2  USE="kerberos (sse2) test zlib -bindist -gmp"

1. Emerges on AMD64. 
2. No collisions and passes tests etc. 
3. OpenSSH still works after upgrade and OpenSSH builds against the upgraded OpenSSL package. 

Portage (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r2 x86_64)
System uname: 2.6.24-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Sat, 31 May 2008 16:45:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r9
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos live lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl session spell spl sse sse2 sse3 ssl svg tcpd threads tiff truetype unicode vorbis x264 xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon"

Comment 17 Jeroen Roovers (RETIRED) gentoo-dev 2008-06-01 19:40:11 UTC
I think bug #224407 needs a mention here.
Comment 18 Jeroen Roovers (RETIRED) gentoo-dev 2008-06-02 02:15:16 UTC
Stable for HPPA.
Comment 19 Raúl Porcel (RETIRED) gentoo-dev 2008-06-02 10:01:24 UTC
alpha/ia64/sparc stable
Comment 20 Steve Dibb (RETIRED) gentoo-dev 2008-06-03 14:21:54 UTC
amd64 stable
Comment 21 Tobias Scherbaum (RETIRED) gentoo-dev 2008-06-05 18:08:43 UTC
ppc stable
Comment 22 Peter Volkov (RETIRED) gentoo-dev 2008-06-06 07:49:33 UTC
Fixed in release snapshot.
Comment 23 Robert Buchholz (RETIRED) gentoo-dev 2008-06-23 22:51:47 UTC
GLSA 200806-08.