Bug 13920

Summary: [CVE 21] openssl 1.1.1v CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker    
Priority: Highest CC: a.proklov, e.kosachev, m.novosyolov, pastordidi, s.matveev, v.potapov, y.tumanov
Version: AllFlags: v.potapov: qa_verified+
y.tumanov: secteam_verified+
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2016-7798, CVE-2016-8610, CVE-2018-16395, CVE-2018-5407, CVE-2023-4807,
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-10-18 20:29:53 MSK 
Please patch CVEs for package openssl version 1.1.1v
  
INFO (CVEs are): openssl 1.1.1v
 cves found
CVE-2016-7798
Desc: The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-7798
Severity: HIGH
CVE-2016-8610
Desc: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-8610
Severity: HIGH
CVE-2018-16395
Desc: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-16395
Severity: CRITICAL
CVE-2018-5407
Desc: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-5407
Severity: MEDIUM
CVE-2023-4807
Desc: Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_64 processors supporting the
AVX512-IFMA instructions.

Impact summary: If in an application that uses the OpenSSL library an attacker
can influence whether the POLY1305 MAC algorithm is used, the application
state might be corrupted with various application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL does
not save the contents of non-volatile XMM registers on Windows 64 platform
when calculating the MAC of data larger than 64 bytes. Before returning to
the caller all the XMM registers are set to zero rather than restoring their
previous content. The vulnerable code is used only on newer x86_64 processors
supporting the AVX512-IFMA instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However given the contents of the registers are just zeroized so
the attacker cannot put arbitrary values inside, the most likely consequence,
if any, would be an incorrect result of some application dependent
calculations or a crash leading to a denial of service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3 and a malicious client can influence whether this AEAD
cipher is used by the server. This implies that server applications using
OpenSSL can be potentially impacted. However we are currently not aware of
any concrete application that would be affected by this issue therefore we
consider this a Low severity security issue.

As a workaround the AVX512-IFMA instructions support can be disabled at
runtime by setting the environment variable OPENSSL_ia32cap:

   OPENSSL_ia32cap=:~0x200000

The FIPS provider is not affected by this issue.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4807
Severity: HIGH
Comment 1 Vladimir Potapov 2023-10-20 18:05:37 MSK 
*** Bug 13788 has been marked as a duplicate of this bug. ***
Comment 3 Yury 2023-11-07 12:47:52 MSK 
secteam_verified
Comment 4 Dmitry Postnikov 2023-11-07 14:01:08 MSK 
Еще на freeipa проверен.
*****************************
Обновление отослано в Тестинг

сборка riscv64 не собирается, по-этому не отослана в тестинг
Comment 5 Dmitry Postnikov 2023-11-08 12:12:03 MSK 
Теперь все сборки отправлены

*****************************
Обновление отослано в Тестинг
Comment 6 Vladimir Potapov 2023-11-09 10:33:07 MSK 
openssl-1.1.1w-1
https://abf.io/build_lists/4816577
https://abf.io/build_lists/4816578
https://abf.io/build_lists/4816579
https://abf.io/build_lists/4816580
https://abf.io/build_lists/4816581
*********************** Advisory ***********************
Close CVEs by update
********************************************************
QA Verified