Bug 571086 (CVE-2015-7575, CVE-2016-1938) - <dev-libs/nss-3.21-r2: Weak RSA-MD5 signature allows attack on client certificate authentication (part of SLOTH attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938)
Status: RESOLVED FIXED
Alias: CVE-2015-7575, CVE-2016-1938
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.mitls.org/pages/attacks/SLOTH
Whiteboard: A3 [glsa cve blocked]
Duplicates: 571518
Depends on: CVE-2016-5285, CVE-2016-8635
Reported: 2016-01-06 16:00 UTC by Hanno Boeck
Modified: 2017-01-19 19:22 UTC
Description Hanno Boeck gentoo-dev 2016-01-06 16:00:20 UTC
A new paper by the PROSECCO/INRIA research team published at Real World Crypto uncovered various issues with weak hash functions.

One of them is a client impersonation attack enabled by the fact that nss will accept RSA-MD5 signatures for client authentication. nss 3.21 fixes this.

nss 3.21 is already in the tree, but not yet stabilized. The Mozilla upstream bug report is still private:
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489

We should stabilize nss 3.21.
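
The weakness described above comes down to which hash a TLS 1.2 client names in its CertificateVerify message. As an added illustration (not code from NSS or from this bug report), the sketch below parses reassembled handshake bytes and flags RSA-MD5 client signatures; the algorithm codes are those of RFC 5246, while the function names, the policy set and the sample bytes are constructed for the example.

```python
import struct

# TLS 1.2 registries from RFC 5246, section 7.4.1.4.1
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
WEAK_HASHES = {"none", "md5"}  # assumption: local policy; md5 is the case in this bug
CERTIFICATE_VERIFY = 15        # HandshakeType certificate_verify

def iter_handshake(buf):
    """Yield (msg_type, body) for each handshake message in reassembled bytes."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated handshake header")
        msg_type = buf[pos]
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        body = buf[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        yield msg_type, body
        pos += 4 + length

def audit_client_auth(buf):
    """Return (signature, hash, verdict) for every CertificateVerify in buf."""
    findings = []
    for msg_type, body in iter_handshake(buf):
        if msg_type != CERTIFICATE_VERIFY:
            continue
        if len(body) < 4:
            raise ValueError("CertificateVerify too short")
        # SignatureAndHashAlgorithm is hash first, then signature, then a
        # 16-bit length prefix for the opaque signature.
        hash_id, sig_id, sig_len = struct.unpack("!BBH", body[:4])
        if sig_len != len(body) - 4:
            raise ValueError("signature length mismatch")
        h = HASH.get(hash_id, f"unknown({hash_id})")
        s = SIG.get(sig_id, f"unknown({sig_id})")
        # Unknown code points are rejected as well as the weak ones.
        weak = h in WEAK_HASHES or hash_id not in HASH
        findings.append((s, h, "reject" if weak else "ok"))
    return findings

def build_certificate_verify(hash_id, sig_id, sig=b"\x00" * 256):
    """Build a constructed CertificateVerify message with dummy signature bytes."""
    body = struct.pack("!BBH", hash_id, sig_id, len(sig)) + sig
    return bytes([CERTIFICATE_VERIFY]) + len(body).to_bytes(3, "big") + body

# Constructed sample: a dummy message of another type, then RSA-MD5 and RSA-SHA256.
SAMPLE = (bytes([16, 0, 0, 2, 0xAA, 0xBB])
          + build_certificate_verify(1, 1) + build_certificate_verify(4, 1))
```
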
Comment 1 Sebastian Pipping gentoo-dev 2016-01-06 18:58:40 UTC
According to what [1] reads right now, these Gentoo packages are also affected:

  net-libs/mbedtls-2.1.3
  net-libs/polarssl (all versions)
  dev-java/oracle-jdk-bin:1.8
  dev-java/oracle-jre-bin:1.8

Should those be dedicated bug reports or should this very ticket handle them all?


[1] http://www.mitls.org/pages/attacks/SLOTH#disclosure
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2016-01-07 09:27:36 UTC
(In reply to Sebastian Pipping from comment #1)

> 
> Should those be dedicated bug reports or should this very ticket handle them
> all?

The cleanest by far is dedicated bug reports and blocking a tracker bug for the overall issue.
Comment 3 Ian Stakenvicius gentoo-dev 2016-01-29 04:58:47 UTC
I got the OK from vapier that the changes he made to nss-3.21-r2 should be good to go for stabilization, let's do it:

Arches, please stabilize =dev-libs/nss-3.21-r2
Comment 4 Jeroen Roovers gentoo-dev 2016-01-30 07:52:11 UTC
Stable for HPPA.
Comment 5 Hanno Boeck gentoo-dev 2016-01-30 10:20:28 UTC
3.21 fixes another vuln (found by me actually), I'll just add the CVE to the description here.
Comment 6 Tobias Klausmann gentoo-dev 2016-01-30 16:41:51 UTC
Stable on alpha.
Comment 7 Jeroen Roovers gentoo-dev 2016-01-31 09:57:49 UTC
Stable for PPC64.
Comment 8 Agostino Sarubbo gentoo-dev 2016-01-31 11:10:18 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-01-31 11:11:26 UTC
x86 stable
Comment 10 Markus Meier gentoo-dev 2016-02-03 20:45:00 UTC
arm stable
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-20 05:32:51 UTC
*** Bug 571518 has been marked as a duplicate of this bug. ***
Comment 12 Agostino Sarubbo gentoo-dev 2016-03-16 12:05:15 UTC
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-03-19 11:37:36 UTC
sparc stable
Comment 14 Agostino Sarubbo gentoo-dev 2016-03-20 12:01:38 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 15 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-27 11:06:29 UTC
3.20 is still in the tree...

@maintainer(s), can you please clean this?
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2017-01-19 19:22:03 UTC
This issue was resolved and addressed in
 GLSA 201701-46 at https://security.gentoo.org/glsa/201701-46
by GLSA coordinator Thomas Deutschmann (whissi).