The go module "sif" version 2.8.0 and older does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. I may be wrong (not in the least because now that we mostly rely on self-built dependency tarballs for dependencies of Go software it is not trivial to find out what those dependencies actually are) but it seems the only affected package in the tree is app-containers/apptainer, in which case an update to version 1.1.2 - which bundles sif-2.8.1 - or newer is in order. I am currently build-testing apptainer-1.1.2. Once pushed, it will have to be fast-tracked through stabilisation so that all vulnerable versions can be removed from the tree.
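The report above describes a verifier that accepts whatever digest algorithm a signature declares. The following is an added illustration of that flaw and its fix, written for this page; it is not code from the sif module or from apptainer. Real SIF signatures are OpenPGP, whereas this toy uses RSA PKCS#1 v1.5 because Go's API takes the digest algorithm as an explicit parameter, which makes the policy check easy to see. The `Signature` type and the `Sign`, `VerifyTrusting` and `VerifyStrict` functions are hypothetical names, the key and payload are constructed, and the allowlist generalises the point to any verifier that reads the digest algorithm from attacker-supplied metadata.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1, the weak digest used in the demo
	_ "crypto/sha256" // registers crypto.SHA256
	_ "crypto/sha512" // registers crypto.SHA384 and crypto.SHA512
	"errors"
	"fmt"
)

// Signature carries the digest algorithm the signer chose next to the
// signature bytes, as OpenPGP-style formats do. From the verifier's point of
// view the algorithm field is untrusted input.
type Signature struct {
	Hash crypto.Hash
	Sig  []byte
}

// allowedHashes is the verifier's policy: only digests without practical
// collision attacks may back a signature. MD5 and SHA-1 are deliberately absent.
var allowedHashes = map[crypto.Hash]bool{
	crypto.SHA256: true,
	crypto.SHA384: true,
	crypto.SHA512: true,
}

// ErrWeakHash is returned when a signature declares a digest outside the allowlist.
var ErrWeakHash = errors.New("signature uses a hash algorithm that is not cryptographically secure")

// Sign produces an RSA PKCS#1 v1.5 signature over msg using digest h.
// Hypothetical signer standing in for whatever tool produced the signature.
func Sign(priv *rsa.PrivateKey, h crypto.Hash, msg []byte) (Signature, error) {
	if !h.Available() {
		return Signature{}, fmt.Errorf("hash %v is not linked into the binary", h)
	}
	d := h.New()
	d.Write(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, h, d.Sum(nil))
	if err != nil {
		return Signature{}, err
	}
	return Signature{Hash: h, Sig: sig}, nil
}

// VerifyTrusting mirrors the flawed behaviour: it recomputes the digest with
// whatever algorithm the signature declares and checks the RSA signature, so a
// mathematically valid signature over a collision-prone digest is accepted.
func VerifyTrusting(pub *rsa.PublicKey, msg []byte, s Signature) error {
	if !s.Hash.Available() {
		return fmt.Errorf("hash %v is not linked into the binary", s.Hash)
	}
	d := s.Hash.New()
	d.Write(msg)
	return rsa.VerifyPKCS1v15(pub, s.Hash, d.Sum(nil), s.Sig)
}

// VerifyStrict is the hardened form: the declared algorithm is checked against
// policy before any cryptographic work, so a signature over a weak digest is
// rejected even though the RSA operation itself would succeed.
func VerifyStrict(pub *rsa.PublicKey, msg []byte, s Signature) error {
	if !allowedHashes[s.Hash] {
		return fmt.Errorf("%w: %v", ErrWeakHash, s.Hash)
	}
	return VerifyTrusting(pub, msg, s)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key for the demo
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed container image payload") // constructed input
	for _, h := range []crypto.Hash{crypto.SHA1, crypto.SHA256} {
		sig, err := Sign(priv, h, payload)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-7v trusting verifier: %v\n", h, VerifyTrusting(&priv.PublicKey, payload, sig))
		fmt.Printf("%-7v strict verifier:   %v\n", h, VerifyStrict(&priv.PublicKey, payload, sig))
	}
}
```

Running it shows the trusting verifier returning `<nil>` for both digests while the strict verifier returns `ErrWeakHash` for SHA-1 and `<nil>` only for SHA-256. The check sits before the signature math on purpose: a verifier that validates the signature first and then inspects the digest has already spent effort on, and may already have logged as valid, something policy should have refused outright.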
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f08746e6fcb72a07689f90aac50c826deda6392

commit 9f08746e6fcb72a07689f90aac50c826deda6392
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2022-10-07 14:21:42 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2022-10-07 14:21:42 +0000

    app-containers/apptainer: add 1.1.2, drop 1.1.0

    Bug: https://bugs.gentoo.org/875869
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 app-containers/apptainer/Manifest                                  | 2 +-
 .../apptainer/{apptainer-1.1.0.ebuild => apptainer-1.1.2.ebuild}  | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Thanks for reporting!
Please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c124743140c0abd7c4c776c1fa087ced2a36cb69

commit c124743140c0abd7c4c776c1fa087ced2a36cb69
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2022-10-08 19:23:50 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2022-10-08 19:27:26 +0000

    app-containers/apptainer: drop 1.0.3

    No versions vulnerable to CVE-2022-39237 left in the tree.

    Bug: https://bugs.gentoo.org/875869
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 app-containers/apptainer/Manifest               |  1 -
 app-containers/apptainer/apptainer-1.0.3.ebuild | 67 -------------------------
 2 files changed, 68 deletions(-)
Thanks! Can you offer any commentary on how exploitable this is?
Quite easy, I would say - sign a benign image using a weak algorithm, get your target to start using it, quietly replace the image contents with malicious payload that produces the same signatures, pwned.
Thanks, we will indeed GLSA this then.
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c82e528af1807b8f557d3b3dee8219380c688f4c

commit c82e528af1807b8f557d3b3dee8219380c688f4c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:13:42 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:15 +0000

    [ GLSA 202210-19 ] Apptainer: Lack of Digital Signature Hash Verification

    Bug: https://bugs.gentoo.org/875869
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-19.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
GLSA released, all done!