Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717442 (CVE-2020-1967) - <dev-libs/openssl-1.1.1g: Segmentation fault in SSL_check_chain (CVE-2020-1967)
Summary: <dev-libs/openssl-1.1.1g: Segmentation fault in SSL_check_chain (CVE-2020-1967)
Status: RESOLVED FIXED
Alias: CVE-2020-1967
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: A3 [glsa+ cve]
Keywords: CC-ARCHES
Depends on: 719688
Blocks:
  Show dependency tree
 
Reported: 2020-04-14 13:41 UTC by Sam James
Modified: 2020-06-09 20:03 UTC (History)
2 users (show)

See Also:
Package list:
dev-libs/openssl-1.1.1g amd64 arm arm64 hppa ppc ppc64 s390 sparc x86
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-04-14 13:41:46 UTC
From mail to openssl-announce:

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high
Comment 1 Sam James archtester gentoo-dev Security 2020-04-21 13:25:58 UTC
Description:
"Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Reported by Bernd Edlinger."

Patch: https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1

Affected: 1.1.1d - 1.1.1f

@maintainer(s), please create an appropriate ebuild (1.1.1g, just released).
Comment 2 Larry the Git Cow gentoo-dev 2020-04-21 14:10:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43795668935812c25e76cc2bca2758347b6357a6

commit 43795668935812c25e76cc2bca2758347b6357a6
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-21 14:05:53 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-21 14:10:34 +0000

    dev-libs/openssl: bump to v1.1.1g
    
    Bug: https://bugs.gentoo.org/717442
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/Manifest              |   1 +
 dev-libs/openssl/openssl-1.1.1g.ebuild | 324 +++++++++++++++++++++++++++++++++
 2 files changed, 325 insertions(+)
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-04-21 14:12:16 UTC
This affects TLS 1.3 only.
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-04-22 13:55:12 UTC
amd64 stable
Comment 5 Rolf Eike Beer 2020-04-22 16:04:41 UTC
sparc stable
Comment 6 Sam James archtester gentoo-dev Security 2020-04-22 16:42:13 UTC
arm64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-04-23 06:22:51 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-04-23 06:27:33 UTC
s390 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-04-23 06:30:53 UTC
x86 stable
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-04-23 14:22:08 UTC
This issue was resolved and addressed in
 GLSA 202004-10 at https://security.gentoo.org/glsa/202004-10
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 11 Thomas Deutschmann gentoo-dev Security 2020-04-23 14:22:47 UTC
Re-opening for remaining architectures.
Comment 12 Rolf Eike Beer 2020-04-26 09:22:11 UTC
hppa stable, forgot to un-CC
Comment 13 Sam James archtester gentoo-dev Security 2020-05-26 16:12:23 UTC
@ppc, ppc64: ping
Comment 14 Georgy Yakovlev gentoo-dev 2020-05-29 17:51:13 UTC
on both little-endian and big-endian ppc64 same test failure

../test/recipes/30-test_afalg.t ....................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
Comment 15 Georgy Yakovlev gentoo-dev 2020-05-29 18:58:33 UTC
ppc64 stable
ppc stable

arches done, security please proceed.
Comment 16 Sam James archtester gentoo-dev Security 2020-06-04 17:14:02 UTC
(In reply to Georgy Yakovlev from comment #15)
> ppc64 stable
> ppc stable
> 
> arches done, security please proceed.

Thanks.

@maintainer(s), please cleanup
Comment 17 Larry the Git Cow gentoo-dev 2020-06-04 17:53:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bce053e42181beb3ae28cc8585516202954a248

commit 9bce053e42181beb3ae28cc8585516202954a248
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-06-04 17:53:01 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-04 17:53:01 +0000

    dev-libs/openssl: security cleanup
    
    Bug: https://bugs.gentoo.org/717442
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/openssl/Manifest                          |   3 -
 ...sl-1.1.1d-config-Drop-linux-alpha-gcc-bwx.patch |  42 ---
 ...x-potential-memleaks-w-BN_to_ASN1_INTEGER.patch | 107 -------
 .../openssl/files/openssl-1.1.1d-fix-zlib.patch    |  52 ----
 ...stitched-AES-CBC-HMAC-SHA-implementations.patch |  62 ----
 dev-libs/openssl/openssl-1.1.1d-r3.ebuild          | 328 ---------------------
 dev-libs/openssl/openssl-1.1.1f.ebuild             | 324 --------------------
 7 files changed, 918 deletions(-)
Comment 18 Sam James archtester gentoo-dev Security 2020-06-09 20:03:17 UTC
All done.