Bug 802648

Summary: VUL-0: CVE-2013-0169: openssl 1.0.1d/1.0.0k/0.9.8y release (lucky thirteen 13)
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: heiko.rommel, jack.hodge, meissner, sascha.wessels, security-team
Version: unspecifiedKeywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:sle10-sp3:51844 maint:released:sles9-sp3-teradata:51732 maint:released:sle11-sp2:51848 maint:released:sle11-sp1:51847 maint:released:sle10-sp3:51915 maint:released:sle11-sp1:51916 maint:running:54015:moderate maint:released:sles9:54016 wasL3:39852 CVSSv2:NVD:CVE-2012-2686:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2012-2686:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2013-02-07 17:07:32 UTC
is public, via oss-sec and openssl.org

http://www.openssl.org/news/secadv_20130205.txt

========================================

SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
============================================================

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can be
found at: http://www.isg.rhul.ac.uk/tls/

All versions of OpenSSL are affected including 1.0.1c, 1.0.0j and 0.9.8x

Note: this vulnerability is only partially mitigated when OpenSSL is used
in conjuction with the OpenSSL FIPS Object Module and the FIPS mode of
operation is enabled.

Thanks go to Nadhem J. AlFardan and Kenneth G. Paterson of the Information
Security Group Royal Holloway, University of London for discovering this flaw.

An initial fix was prepared by Adam Langley <agl@chromium.org> and Emilia
Käsper <ekasper@google.com> of Google. Additional refinements were added by
Ben Laurie, Andy Polyakov and Stephen Henson of the OpenSSL group.

Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y

TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
=============================================

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on
AES-NI supporting platforms can be exploited in a DoS attack. If you are
unsure if you are using AES-NI see "References" below.

Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1c is
affected. Platforms which do not support AES-NI or versions of OpenSSL which
do not implement TLS 1.2 or 1.1 (for example OpenSSL 0.9.8 and 1.0.0) are
not affected.

Thanks go to Adam Langley <agl@chromium.org> for initially discovering the
bug and developing a fix and to Wolfgang Ettlingers
 <wolfgang.ettlinger@gmail.com> for independently discovering this issue.

Affected users should upgrade to OpenSSL 1.0.1d

OCSP invalid key DoS issue (CVE-2013-0166)
============================================

A flaw in the OpenSSL handling of OCSP response verification can be exploitedin a denial of service attack.

All versions of OpenSSL are affected including 1.0.1c, 1.0.0j and 0.9.8x

This flaw was discovered and fixed by Stephen Henson of the OpenSSL core team.

Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y.

References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20130204.txt
Wikipedia AES-NI description:
http://en.wikipedia.org/wiki/AES-NI
Comment 1 Swamp Workflow Management 2013-02-07 23:00:47 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2013-02-08 12:02:54 UTC
CVE-2012-2686 only affects 1.0.1*, so openSUSE only.
Comment 3 Shawn Chang 2013-02-11 15:25:56 UTC
thanks for the info, I'm handling the CVE-2013-0169 at first then CVE-2012-2686.
Comment 4 Shawn Chang 2013-02-11 15:46:02 UTC
According to Tomas Hoger's info, CVE-2013-0169 has several commits in the upstream...

0.9.8:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=270881316664396326c461ec7a124aec2c6cc081
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=35a65e814beb899fa1c69a7673a8956c6059dce7
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b3a959a337b8083bc855623f24cebaf43a477350
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=be88529753897c29c677d1becb321f0072c0659c
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=24b28060975c01b749391778d13ec2ea1323a1aa
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=924b11742296c13816a9f301e76fea023003920c
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1909df070fb5c5b87246a2de19c17588deba5818
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=40e0de03955e218f45a7979cb46fba193f4e7fc2

1.0.0:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9c00a950604aca819cee977f1dcb4b45f2af3aa6
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5420be6cd09af2550b128575a675490cfba0483
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f852b60797dc68aa86c99c4f7b905488d1538d99
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=080f39539295d2c7c932e79dd670526b90a215a8
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=610dfc3ef4c4019394534023115226f4ed0e7204
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b23da2919b332fd83fa6de87caacb0651f64a3f5
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3cdaca2436643908863c6a62918b0d9703477655
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=11c48a0fd20d2ec091fde218449f3ba0ff1cf672
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=33f44acbbe83ab718ae15c0d2c6a57e802705a36
Comment 5 Swamp Workflow Management 2013-02-11 16:05:38 UTC
The SWAMPID for this issue is 51146.
This issue was rated as moderate.
Please submit fixed packages until 2013-02-25.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Shawn Chang 2013-02-11 16:42:19 UTC
OpenSSL version 1.0.1e released. The most significant changes are: Corrected
fix for CVE-2013-0169
Comment 8 Bernhard Wiedemann 2013-02-16 10:00:22 UTC
This is an autogenerated message for OBS integration:
This bug (802648) was mentioned in
https://build.opensuse.org/request/show/155588 Maintenance /
Comment 9 Marcus Meissner 2013-02-18 10:30:25 UTC
For openSUSE I submitted minor version updates now (merging your c_rehash fix too)

openSUSE 12.1: 1.0.0k
openSUSE 12.2: 1.0.1e

this avoids the backporting trouble for openSUSE.
Comment 11 Bernhard Wiedemann 2013-02-22 11:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (802648) was mentioned in
https://build.opensuse.org/request/show/156084 Evergreen:11.2 / openssl
Comment 12 Swamp Workflow Management 2013-02-25 10:04:59 UTC
openSUSE-SU-2013:0336-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 757773,802648,802746
CVE References: CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2012-0027,CVE-2012-0050,CVE-2012-0884,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2013-0166,CVE-2013-0169
Sources used:
openSUSE 12.1 (src):    openssl-1.0.0k-34.20.1
Comment 13 Swamp Workflow Management 2013-02-25 11:04:56 UTC
openSUSE-SU-2013:0339-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 757773,802648,802746
CVE References: CVE-2012-2686,CVE-2013-0166,CVE-2013-0169
Sources used:
openSUSE 11.4 (src):    openssl-1.0.0k-18.45.1
Comment 16 Bernhard Wiedemann 2013-02-26 08:00:46 UTC
This is an autogenerated message for OBS integration:
This bug (802648) was mentioned in
https://build.opensuse.org/request/show/156390 Evergreen:11.2 / openssl
Comment 19 Marcus Meissner 2013-03-27 09:12:09 UTC
released
Comment 20 Swamp Workflow Management 2013-03-27 10:04:41 UTC
Update released for: openssl, openssl-32bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-doc
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 21 Swamp Workflow Management 2013-03-27 11:04:33 UTC
Update released for: openssl, openssl-devel, openssl-doc
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 22 Swamp Workflow Management 2013-03-27 12:09:38 UTC
Update released for: openssl, openssl-32bit, openssl-64bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-devel-64bit, openssl-doc, openssl-x86
Products:
SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 23 Swamp Workflow Management 2013-03-27 12:27:56 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac-x86, libopenssl0_9_8-x86, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 24 Swamp Workflow Management 2013-03-27 13:04:42 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 25 Swamp Workflow Management 2013-04-15 15:53:31 UTC
Update released for: openssl, openssl-32bit, openssl-debuginfo, openssl-devel, openssl-devel-32bit, openssl-doc
Products:
SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Comment 26 Marcus Meissner 2013-04-16 09:41:01 UTC
perl bin/addnote CVE-2012-2686 "The openssl versions in SUSE Linux Enterprise 11 and older are based on openssl 0.9.8 and do not support TLS 1.1 or 1.2 at this time. So SUSE Linux Enterprise 11 and older distributions are not affected by this security problem."
Comment 27 Swamp Workflow Management 2013-04-22 15:56:54 UTC
Update released for: libopenssl-devel, libopenssl0_9_8, libopenssl0_9_8-32bit, libopenssl0_9_8-hmac, libopenssl0_9_8-hmac-32bit, openssl, openssl-debuginfo, openssl-debugsource, openssl-doc
Products:
SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SLES4VMWARE 11-SP1-LTSS (i386, x86_64)
Comment 28 Anders Johansson 2013-05-27 09:28:53 UTC
*** Bug 813366 has been marked as a duplicate of this bug. ***
Comment 29 Swamp Workflow Management 2013-08-28 08:50:34 UTC
Update released for: openssl, openssl-devel, openssl-doc
Products:
SUSE-CORE 9-LTSS (i386, s390, s390x, x86_64)
Comment 36 Marcus Meissner 2013-11-05 09:25:07 UTC
done