* CVE-2020-16150 (Local side channel attack on classical CBC decryption in (D)TLS)

Description:
"A local attacker with access to enough information about the state of the cache (including, but not limited to, an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover portions of the plaintext of a (D)TLS record."

Fixed versions: "Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using."

Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1

* Local side channel attack on RSA and static Diffie-Hellman

Description:
"An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover the private keys used in RSA or static (finite-field) Diffie-Hellman operations."

Fixed versions: "Affected users will want to upgrade to Mbed TLS 2.24.0, 2.16.8 or 2.7.17 depending on the branch they're currently using."

Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
Please bump to 2.16.8, 2.24.0, thanks!
(In reply to Sam James from comment #1)
> Please bump to 2.16.8, 2.24.0, thanks!

Okay, the bumps are in the tree. I did preliminary testing and everything seems good to go. If you want, go ahead and convert this into a stabilization bug.
Thanks! CC-ARCHES when ready.
arm64 done
arm done
ppc64 stable
x86 stable
ppc stable
amd64 stable, please cleanup
Ping
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84

commit a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-10-30 15:29:24 +0000
Commit:     Anthony G. Basile <blueness@gentoo.org>
CommitDate: 2020-10-31 12:07:03 +0000

    net-libs/mbedtls: security cleanup

    Bug: https://bugs.gentoo.org/740108
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Signed-off-by: Anthony G. Basile <blueness@gentoo.org>

 net-libs/mbedtls/Manifest                 |  2 -
 net-libs/mbedtls/mbedtls-2.16.7-r1.ebuild | 94 -------------------------------
 net-libs/mbedtls/mbedtls-2.23.0-r1.ebuild | 94 -------------------------------
 3 files changed, 190 deletions(-)
(In reply to Larry the Git Cow from comment #11)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84
> 
> commit a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84
> Author:     John Helmert III <jchelmert3@posteo.net>
> AuthorDate: 2020-10-30 15:29:24 +0000
> Commit:     Anthony G. Basile <blueness@gentoo.org>
> CommitDate: 2020-10-31 12:07:03 +0000
> 
>     net-libs/mbedtls: security cleanup
> 
>     Bug: https://bugs.gentoo.org/740108
>     Package-Manager: Portage-3.0.8, Repoman-3.0.2
>     Signed-off-by: John Helmert III <jchelmert3@posteo.net>
>     Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
> 
>  net-libs/mbedtls/Manifest                 |  2 -
>  net-libs/mbedtls/mbedtls-2.16.7-r1.ebuild | 94 -------------------------------
>  net-libs/mbedtls/mbedtls-2.23.0-r1.ebuild | 94 -------------------------------
>  3 files changed, 190 deletions(-)

Thanks for the reminder.
(In reply to Anthony Basile from comment #12)
> (In reply to Larry the Git Cow from comment #11)
> > The bug has been referenced in the following commit(s):
> > 
> > https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84
> > 
> > commit a1bdf75cfef9f25bf8ee50237a5620c5a0ec0a84
> > Author:     John Helmert III <jchelmert3@posteo.net>
> > AuthorDate: 2020-10-30 15:29:24 +0000
> > Commit:     Anthony G. Basile <blueness@gentoo.org>
> > CommitDate: 2020-10-31 12:07:03 +0000
> > 
> >     net-libs/mbedtls: security cleanup
> > 
> >     Bug: https://bugs.gentoo.org/740108
> >     Package-Manager: Portage-3.0.8, Repoman-3.0.2
> >     Signed-off-by: John Helmert III <jchelmert3@posteo.net>
> >     Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
> > 
> >  net-libs/mbedtls/Manifest                 |  2 -
> >  net-libs/mbedtls/mbedtls-2.16.7-r1.ebuild | 94 -------------------------------
> >  net-libs/mbedtls/mbedtls-2.23.0-r1.ebuild | 94 -------------------------------
> >  3 files changed, 190 deletions(-)
> 
> Thanks for the reminder.

Thanks for merging!
Resetting sanity check; package list is empty or all packages are done.
(In reply to Sam James from comment #0)
> * CVE-2020-16150 (Local side channel attack on classical CBC decryption in
> (D)TLS)
> 
> Description:
> "A local attacker with access to enough information about the state of the
> cache (including, but not limited to, an untrusted operating system
> attacking a secure enclave such as SGX or the TrustZone secure world) can
> recover portions of the plaintext of a (D)TLS record."
> 
> Fixed versions: "Affected users will want to upgrade to Mbed TLS 2.24.0,
> 2.16.8 or 2.7.17 depending on the branch they're currently using."
> 
> Advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
> 
> * Local side channel attack on RSA and static Diffie-Hellman
> 
> Description:
> "An attacker with access to precise enough timing and memory access
> information (typically an untrusted operating system attacking a secure
> enclave such as SGX or the TrustZone secure world) can recover the private
> keys used in RSA or static (finite-field) Diffie-Hellman operations."
> 
> Fixed versions: "Affected users will want to upgrade to Mbed TLS 2.24.0,
> 2.16.8 or 2.7.17 depending on the branch they're currently using."
> 
> Advisory:
> https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2

Requested a CVE for the non-CVE'd vulnerability here, as well as these two issues in the changelogs:

When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, certificates were never considered as revoked. On builds with MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for example, an untrusted OS attacking a secure enclave) could prevent revocation of certificates via CRLs. Fixed by no longer checking the revocationDate field, in accordance with RFC 5280. Reported by yuemonangong in #3340. Reported independently and fixed by Raoul Strackx and Jethro Beekman in #3433.

Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine for pinpointing the problematic code.
(In reply to John Helmert III from comment #15)
> (In reply to Sam James from comment #0)
> > * Local side channel attack on RSA and static Diffie-Hellman
> > 
> > Description:
> > "An attacker with access to precise enough timing and memory access
> > information (typically an untrusted operating system attacking a secure
> > enclave such as SGX or the TrustZone secure world) can recover the private
> > keys used in RSA or static (finite-field) Diffie-Hellman operations."
> > 
> > Fixed versions: "Affected users will want to upgrade to Mbed TLS 2.24.0,
> > 2.16.8 or 2.7.17 depending on the branch they're currently using."
> > 
> > Advisory:
> > https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
> 
> Requested a CVE for the non-CVE'd vulnerability here...

CVE-2020-36424

> as well as these two
> issues in the changelogs:
> 
> When checking X.509 CRLs, a certificate was only considered as revoked if
> its revocationDate was in the past according to the local clock if
> available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
> certificates were never considered as revoked. On builds with
> MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
> example, an untrusted OS attacking a secure enclave) could prevent
> revocation of certificates via CRLs. Fixed by no longer checking the
> revocationDate field, in accordance with RFC 5280. Reported by yuemonangong
> in #3340. Reported independently and fixed by Raoul Strackx and Jethro
> Beekman in #3433.

CVE-2020-36425

> Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). Credit to
> OSS-Fuzz for detecting the problem and to Philippe Antoine for pinpointing
> the problematic code.

CVE-2020-36426
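To make the CVE-2020-36425 changelog entry quoted in the two comments above concrete, here is an added stand-alone Python model of the revocation check. It is an illustration written for this page, not Mbed TLS code and not code posted by anyone in this thread. The CRL, serial numbers and clock values are constructed; `weak_is_revoked` models the pre-fix behaviour described in the changelog (revoked only if revocationDate is in the past by the local clock, never revoked without a clock) and `is_revoked` models the fix (serial-number membership only). The CRL validity-window check is included as the contrast: that is where a clock legitimately belongs.

```python
"""CRL revocation check: clock-dependent (pre-fix) versus membership-only (fixed).

Added stand-alone model of the CVE-2020-36425 changelog entry quoted above.
It is not Mbed TLS code; the CRL, serials and clock values are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class CrlEntry:
    serial: bytes               # certificate serialNumber, raw bytes
    revocation_date: datetime   # informational per RFC 5280


@dataclass(frozen=True)
class Crl:
    this_update: datetime
    next_update: datetime
    entries: Tuple[CrlEntry, ...]


def weak_is_revoked(serial: bytes, crl: Crl, now: Optional[datetime]) -> bool:
    """Pre-fix model. 'now' is the local clock, which the attacker may control;
    None models a build without MBEDTLS_HAVE_TIME_DATE, which has no clock."""
    for entry in crl.entries:
        if entry.serial == serial:
            if now is None:
                return False                     # no clock: never revoked
            return entry.revocation_date <= now  # revoked only if the clock agrees
    return False


def is_revoked(serial: bytes, crl: Crl) -> bool:
    """Fixed model: any listed serial is revoked; revocationDate is not consulted."""
    return any(entry.serial == serial for entry in crl.entries)


def crl_is_current(crl: Crl, now: datetime) -> bool:
    """Where the clock legitimately belongs: the CRL's own validity window
    (thisUpdate .. nextUpdate). An untrusted clock still affects this check;
    only a trusted time source, not the revocation logic, can address that."""
    return crl.this_update <= now <= crl.next_update


# Constructed CRL: one certificate revoked on 2020-06-15, CRL valid for July 2020.
UTC = timezone.utc
VICTIM = bytes.fromhex("1a2b3c")
OTHER = bytes.fromhex("4d5e6f")
CRL = Crl(
    this_update=datetime(2020, 7, 1, tzinfo=UTC),
    next_update=datetime(2020, 8, 1, tzinfo=UTC),
    entries=(CrlEntry(VICTIM, datetime(2020, 6, 15, tzinfo=UTC)),),
)
HONEST_CLOCK = datetime(2020, 7, 15, tzinfo=UTC)
ROLLED_BACK_CLOCK = datetime(2020, 6, 1, tzinfo=UTC)  # attacker sets time before revocationDate


def verdicts():
    """Revocation verdicts for the victim serial under each model and clock."""
    return {
        "weak/no clock": weak_is_revoked(VICTIM, CRL, None),
        "weak/honest clock": weak_is_revoked(VICTIM, CRL, HONEST_CLOCK),
        "weak/rolled back clock": weak_is_revoked(VICTIM, CRL, ROLLED_BACK_CLOCK),
        "fixed": is_revoked(VICTIM, CRL),
    }


if __name__ == "__main__":
    for case, revoked in verdicts().items():
        print(f"{case:24s} revoked={revoked}")
```

Running it shows the weak model reporting the victim certificate as not revoked both when there is no clock and when the clock has been rolled back before the revocationDate, while the fixed model reports it revoked in every case. The rolled-back clock also makes `crl_is_current` fail for this CRL, which is the check that should be consuming the clock.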
Package list is empty or all packages have requested keywords.
CVE-2020-36477: An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

CVE-2020-36476: An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
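The CVE-2020-36477 description above is easiest to see with the bytes in front of you. Below is an added Python model of the name check, written for this page; it is not Mbed TLS code and not code posted in this thread. SAN entries are assumed to be (GeneralName type, raw bytes) pairs constructed inline. `weak_match` keeps only the type-blind byte comparison that produced the confusion (Mbed TLS's real matcher also handled wildcards, which is left out of the weak model). `strict_match` dispatches on the GeneralName type before comparing and, as a generalization beyond the CVE text, adds RFC 6125 style single-label wildcard matching for dNSName entries.

```python
"""Type-aware subjectAltName matching versus the CVE-2020-36477 byte comparison.

Added example; this is a stand-alone model, not Mbed TLS code. SAN entries are
modelled as (GeneralName type, raw bytes) pairs, constructed inline below.
"""
import ipaddress

# GeneralName choices from RFC 5280 that matter for hostname verification.
DNS_NAME = "dNSName"
IP_ADDRESS = "iPAddress"


def weak_match(expected: str, san_entries) -> bool:
    """Pre-fix behaviour (simplified): compare the expected name's bytes against
    the raw bytes of every SAN entry, regardless of the entry's type."""
    want = expected.encode("ascii")
    return any(value == want for _, value in san_entries)


def dns_name_match(pattern: bytes, host: bytes) -> bool:
    """Case-insensitive dNSName match. A leading '*.' matches exactly one label
    (RFC 6125, section 6.4.3) and never the bare parent domain."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith(b"*.") and host.count(b".") >= 2:
        return host.split(b".", 1)[1] == pattern[2:]
    return False


def strict_match(expected: str, san_entries) -> bool:
    """Fixed behaviour: dispatch on the GeneralName type before comparing.

    If the expected name parses as an IP address it is compared in packed
    binary form against iPAddress entries only; otherwise it is compared
    against dNSName entries only. No other type can satisfy a hostname check.
    """
    try:
        want_ip = ipaddress.ip_address(expected).packed
    except ValueError:
        want_ip = None
    host = expected.encode("ascii")
    for kind, value in san_entries:
        if want_ip is not None:
            if kind == IP_ADDRESS and value == want_ip:
                return True
        elif kind == DNS_NAME and dns_name_match(value, host):
            return True
    return False


# Constructed attacker certificates: the SAN holds only an iPAddress entry, but
# the packed address bytes spell a 4-byte or 16-byte "hostname".
IPV4_ATTACKER_SAN = [(IP_ADDRESS, ipaddress.ip_address("97.98.99.100").packed)]  # b"abcd"
IPV6_ATTACKER_SAN = [(IP_ADDRESS, b"abcdefghijklmnop")]  # 6162:6364:6566:6768:696a:6b6c:6d6e:6f70

# Constructed legitimate certificate for the control cases.
LEGIT_SAN = [
    (DNS_NAME, b"*.example.org"),
    (IP_ADDRESS, ipaddress.ip_address("2001:db8::1").packed),
]


def confusion_results():
    """Return (weak, strict) verdicts for the two impersonation attempts."""
    return {
        "abcd": (weak_match("abcd", IPV4_ATTACKER_SAN),
                 strict_match("abcd", IPV4_ATTACKER_SAN)),
        "abcdefghijklmnop": (weak_match("abcdefghijklmnop", IPV6_ATTACKER_SAN),
                             strict_match("abcdefghijklmnop", IPV6_ATTACKER_SAN)),
    }


if __name__ == "__main__":
    for name, (weak, strict) in confusion_results().items():
        print(f"{name!r}: weak={weak} strict={strict}")
```

The attacker's certificate carries only an iPAddress entry for 97.98.99.100, whose DER value is the four bytes `abcd`; the weak matcher accepts it for the expected name "abcd", the strict one rejects it while still accepting the same certificate for the expected name "97.98.99.100". The same happens for the 16-byte IPv6 case.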
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f524f5fa47d9d739280d4530623a93084918da39

commit f524f5fa47d9d739280d4530623a93084918da39
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:19:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:06 +0000

    [ GLSA 202301-08 ] Mbed TLS: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/730752
    Bug: https://bugs.gentoo.org/740108
    Bug: https://bugs.gentoo.org/764317
    Bug: https://bugs.gentoo.org/778254
    Bug: https://bugs.gentoo.org/801376
    Bug: https://bugs.gentoo.org/829660
    Bug: https://bugs.gentoo.org/857813
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-08.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
GLSA released, all done!