Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 525468 (CVE-2014-3566) - <dev-libs/openssl-1.0.1j: multiple vulnerabilities (CVE-2014-{3513,3567,3568})
Summary: <dev-libs/openssl-1.0.1j: multiple vulnerabilities (CVE-2014-{3513,3567,3568})
Status: RESOLVED FIXED
Alias: CVE-2014-3566
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv_2...
Whiteboard: A3 [glsa]
Keywords:
: 525484 525686 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-10-15 08:06 UTC by Agostino Sarubbo
Modified: 2015-06-06 23:14 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-10-15 08:06:37 UTC
From ${URL} :

Bodo Möller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL 
version 3.0 that would allow an attacker to calculate the plaintext of secure connections, 
allowing, for example, secure HTTP cookies to be stolen.

References:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.openssl.org/~bodo/ssl-poodle.pdf


Upstream patch:

master:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=cf6da05304d554aaa885151451aa4ecaa977e601

OpenSSL-1.0.1
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6bfe55380abbf7528e04e59f18921bd6c896af1c

OpenSSL-0.9.8:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c6a876473cbff0fd323c8abcaace98ee2d21863d
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dc5dfe431cffbc1fa8eeead0853bd03395e52e71


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2014-10-15 10:15:22 UTC
Also see #525484
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2014-10-15 13:43:22 UTC
*** Bug 525484 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2014-10-15 13:44:20 UTC
@base-system: go ahead :)
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2014-10-15 13:45:56 UTC
There are some more DOS issues fixed, so it's not just information leakage.
Comment 5 Lars Wendler (Polynomial-C) gentoo-dev 2014-10-15 16:31:35 UTC
+*openssl-1.0.1j (15 Oct 2014)
+*openssl-1.0.0o (15 Oct 2014)
+*openssl-0.9.8z_p3 (15 Oct 2014)
+
+  15 Oct 2014; Lars Wendler <polynomial-c@gentoo.org>
+  +openssl-0.9.8z_p3.ebuild, -openssl-1.0.0m.ebuild, -openssl-1.0.0n.ebuild,
+  +openssl-1.0.0o.ebuild, +openssl-1.0.1j.ebuild, -openssl-1.0.2_beta2.ebuild,
+  -files/openssl-1.0.2_beta2-revert-alpha-perl-generation.patch:
+  Security bump (bug #525468). Fixes CVE-2014-{3513,3515,3566,3567,3568}.
+

Arches please test and mark stable the following list of ebuilds:

=dev-libs/openssl-0.9.8z_p3 (=openssl-0.9.8zc)
=dev-libs/openssl-1.0.1j

Target KEYWORDS are:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
Comment 6 Agostino Sarubbo gentoo-dev 2014-10-15 19:02:40 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-10-15 19:03:38 UTC
x86 stable
Comment 8 Tobias Klausmann gentoo-dev 2014-10-16 10:28:17 UTC
Both stable on alpha.
Comment 9 Hanno Böck gentoo-dev 2014-10-16 11:34:45 UTC
It should be noted that this does not really fix CVE-2014-3566 aka POODLE. SCSV is merely a workaround for the "protocol dance" "feature" of browsers.

The real fix is to disable SSLv3. I would propose the following: The openssl ebuild should be compiled with disable-ssl3 by default and for backwards compatibility a useflag could be added ("insecure-ssl3" maybe, it should be made clear to users that SSLv3 is always risky and should be avoided). I'm currently testing openssl with ssl3 disabled on some servers, so far it seems tow
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2014-10-16 12:02:22 UTC
Hanno, thanks for your input! I just wanted to push this issue because of the DOS vulnerabilites.
Comment 11 Jeroen Roovers gentoo-dev 2014-10-16 15:27:25 UTC
Stable for HPPA.
Comment 12 Hanno Böck gentoo-dev 2014-10-16 20:00:52 UTC
@craig fast update is fine, but I think we should consider doing more.

I also just found out that OpenSSL by default not only enables SSLv3 but also the (even more broken) SSLv2. I propose the same thing: Provide a use-flag (maybe some people need it for some testing), but disable it by default.
Comment 13 Lars Wendler (Polynomial-C) gentoo-dev 2014-10-16 21:03:38 UTC
(In reply to Hanno Boeck from comment #12)
> @craig fast update is fine, but I think we should consider doing more.
> 
> I also just found out that OpenSSL by default not only enables SSLv3 but
> also the (even more broken) SSLv2. I propose the same thing: Provide a
> use-flag (maybe some people need it for some testing), but disable it by
> default.

Hanno, what you're asking for is handled in bug #510798. Please move the conversation over to that bug and maybe provide ebuild patches.
Comment 14 Anthony Basile gentoo-dev 2014-10-17 12:37:14 UTC
stable on ppc and ppc64
Comment 15 Jeroen Roovers gentoo-dev 2014-10-17 21:03:36 UTC
*** Bug 525686 has been marked as a duplicate of this bug. ***
Comment 16 Agostino Sarubbo gentoo-dev 2014-10-18 14:07:05 UTC
ia64 stable
Comment 17 Agostino Sarubbo gentoo-dev 2014-10-18 14:11:15 UTC
sparc stable
Comment 18 Markus Meier gentoo-dev 2014-10-22 19:18:24 UTC
arm stable, all arches done.
Comment 19 Sean Amoss gentoo-dev Security 2014-12-19 22:09:49 UTC
Maintainers, please clean up vulnerable versions for this bug and bug 519264:

=dev-libs/openssl-0.9.8z_p1-r2
=dev-libs/openssl-1.0.1i
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 01:14:12 UTC
This issue was resolved and addressed in
 GLSA 201412-39 at http://security.gentoo.org/glsa/glsa-201412-39.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 21 Sean Amoss gentoo-dev Security 2014-12-26 01:18:33 UTC
Re-opening until vulnerable versions are dropped.
Comment 22 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 00:10:20 UTC
CVE-2014-3513 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513):
  Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before
  1.0.1j allows remote attackers to cause a denial of service (memory
  consumption) via a crafted handshake message.
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 00:50:49 UTC
CVE-2014-3568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568):
  OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does
  not properly enforce the no-ssl3 build option, which allows remote attackers
  to bypass intended access restrictions via an SSL 3.0 handshake, related to
  s23_clnt.c and s23_srvr.c.

CVE-2014-3567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567):
  Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before
  0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote
  attackers to cause a denial of service (memory consumption) via a crafted
  session ticket that triggers an integrity-check failure.
Comment 24 Tobias Heinlein (RETIRED) gentoo-dev 2015-03-20 16:52:06 UTC
Cleanup superseded by bug 543552.