Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 550288 (CVE-2015-2721, CVE-2015-4000) - <dev-libs/nss-3.19.2: Multiple vulnerabilities (CVE-2015-{2721,4000})
Summary: <dev-libs/nss-3.19.2: Multiple vulnerabilities (CVE-2015-{2721,4000})
Status: RESOLVED FIXED
Alias: CVE-2015-2721, CVE-2015-4000
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://weakdh.org/
Whiteboard: A2 [glsa cve blocked]
Keywords:
Depends on: CVE-2016-5285, CVE-2016-8635
Blocks:
  Show dependency tree
 
Reported: 2015-05-24 08:33 UTC by Stephan Litterst
Modified: 2017-01-19 19:21 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Litterst 2015-05-24 08:33:26 UTC
The current firefox version is vulnerable to Logjam and can be tricked into using weak encryption.
You can check this at https://weakdh.org/ using firefox 31.7.0

Reproducible: Always
Comment 1 charles17 2015-05-24 09:12:26 UTC
According to https://github.com/martinthomson/disable-dhe there will be a fix in Firefox 39 but an extension is already available on 
https://addons.mozilla.org//firefox/addon/disable-dhe/
Comment 2 Alex Xu (Hello71) 2015-05-24 13:46:01 UTC
bug is probably in nss.
Comment 3 Ian Stakenvicius gentoo-dev 2015-05-24 22:40:52 UTC
(In reply to Alex Xu (Hello71) from comment #2)
> bug is probably in nss.

Well, nss-3.19 is supposed to be what's in firefox-39 according to what I found in bugzilla, but it doesn't resolve this.  

If stabilizing newer version of NSS isn't a reasonable solution, mozilla team can look into forcing off security.ssl3.dhe_rsa_aes_{128,256}_sha options in gentoo's prefs.js.  I would do this immediately but I don't know what other side-effects it might have, so mozilla team will need to discuss first.

Note that firefox-bin seems to suffer from this too, btw.
Comment 4 Ian Stakenvicius gentoo-dev 2015-05-27 16:42:53 UTC
I've committed nss-3.19-r1 to the tree, that contains a backport of the commit from nss-3.19.1 which increases rsa and DH minimum key size to 1024.  That'll take care of ~arch and source builds for now, at least.

firefox-bin (and thunderbird-bin/seamonkey-bin i assume but haven't checked) will need a prefs.js setting to disable the dhe options until they bundle nss-3.19.1; i'm looking into that.
Comment 5 georg 2015-05-29 19:59:07 UTC
There is no glsa for this CVE

www-client/firefox-31.7.0::gentoo

security.ssl3.dhe_rsa_aes_128_sha false
security.ssl3.dhe_rsa_aes_256_sha false

hammerhead georg # glsa-check -l
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

hammerhead georg # 

https://www.ssllabs.com/ssltest/viewMyClient.html 
tells me i am affected due to the disabled ciphers.
Comment 6 Ian Stakenvicius gentoo-dev 2015-05-29 20:29:47 UTC
(In reply to georg from comment #5)
> There is no glsa for this CVE
> 
> www-client/firefox-31.7.0::gentoo
> 
> security.ssl3.dhe_rsa_aes_128_sha false
> security.ssl3.dhe_rsa_aes_256_sha false
> 
> hammerhead georg # glsa-check -l
> [A] means this GLSA was marked as applied (injected),
> [U] means the system is not affected and
> [N] indicates that the system might be affected.
> 
> hammerhead georg # 
> 
> https://www.ssllabs.com/ssltest/viewMyClient.html 
> tells me i am affected due to the disabled ciphers.


Well that's because there's no CVE :)  

Although this is a security bug, the solution hasn't been fully implemented (and actually it hasn't even been fully decided on) yet.  Mozilla's fix is two versions away, ~arch is covered right now by dev-libs/nss-3.19-r1 but it will take a bit of time to determine if that is ok to stabilize, and the *-bin packages still need their own fix.  GLSAs are not posted until there is a fully implemented fix.
Comment 7 georg 2015-05-31 05:52:34 UTC
To my knowledge there it is
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

See also #550180 for filezilla
Comment 8 Ian Stakenvicius gentoo-dev 2015-05-31 13:54:49 UTC
(In reply to georg from comment #7)
> To my knowledge there it is
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
> 
> See also #550180 for filezilla

works for me!  Updating status line.  security@, please fix whiteboard/keywords please?
Comment 9 Ian Stakenvicius gentoo-dev 2015-06-01 21:15:48 UTC
nss-3.19.1 released and committed to the tree (i dropped 3.19-r1 since the upstream release is better).

I've also revbumped firefox-bin and seamonkey-bin with prefs-based fixes to disable the vulnerable cyphersuites.  Thunderbird-bin is in progress, unfortunately it has a -lot- more cypher suites and figuring out which ones are vulnerable is proving a bit difficult for me.
Comment 10 Yury German Gentoo Infrastructure gentoo-dev Security 2015-07-05 20:48:53 UTC
Firefox / Thunderbird fixes have just been entered in to Bug #554036.
I am removing the firefox / thunderbird from this bug and setting dependency on that bug for it. Also adding another CVE that was fixed in 3.19.1 of NSS.

CVE-2015-{2721,4000}
Comment 11 Ian Stakenvicius gentoo-dev 2015-07-07 15:22:15 UTC
nss-3.19.2 recently released (and added to the tree), and as it seems this is a requirement of the new stable candidate, arches please stabilize =dev-libs/nss-3.19.2
Comment 12 Jeroen Roovers gentoo-dev 2015-07-08 04:18:10 UTC
Stable for HPPA.
Comment 13 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-07-08 08:57:46 UTC
amd64 stable
Comment 14 Jeroen Roovers gentoo-dev 2015-07-09 05:50:11 UTC
Stable for PPC64.
Comment 15 Tobias Klausmann gentoo-dev 2015-07-14 15:32:13 UTC
Stable on alpha (took dev-libs/nspr-4.10.8 along as a dep).
Comment 16 Agostino Sarubbo gentoo-dev 2015-07-18 19:32:56 UTC
x86 stable
Comment 17 Agostino Sarubbo gentoo-dev 2015-07-20 08:27:53 UTC
ppc stable
Comment 18 Agostino Sarubbo gentoo-dev 2015-07-23 09:37:47 UTC
sparc stable
Comment 19 Markus Meier gentoo-dev 2015-07-25 15:53:53 UTC
arm stable, all arches done.
Comment 20 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-05 06:18:51 UTC
Arches, Thank you for your work.
Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).
Comment 21 Yury German Gentoo Infrastructure gentoo-dev Security 2015-09-08 05:54:37 UTC
Maintainer(s), Thank you for you for cleanup.
Comment 22 GLSAMaker/CVETool Bot gentoo-dev 2017-01-19 19:21:55 UTC
This issue was resolved and addressed in
 GLSA 201701-46 at https://security.gentoo.org/glsa/201701-46
by GLSA coordinator Thomas Deutschmann (whissi).