Bug 1343400 (CVE-2016-2178)
Summary: | CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apmukher, bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dknox, dosoudil, erik-fedora, gzaronik, jaeshin, jawilson, jclere, kent, ktietz, lgao, marcandre.lureau, mbabacek, mturk, myarboro, pgier, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rsvoboda, sardella, slawomir, tmraz, twalsh, vtunka, weli, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.0.1u, openssl 1.0.2i | Doc Type: | If docs needed, set a value |
Doc Text: |
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:53:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1343401, 1343402, 1343403, 1377623, 1377624, 1377625, 1377626, 1381809, 1381810 | ||
Bug Blocks: | 1343404, 1367347, 1395463, 1461790, 1479475 |
Description
Andrej Nemec
2016-06-07 09:12:18 UTC
Created openssl101e tracking bugs for this issue: Affects: epel-5 [bug 1343403] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1343401] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1343402] Lowering the initial impact because of the nature of time-channel attack. References (thread contains a discussion about severity of this issue): http://seclists.org/oss-sec/2016/q2/493 Details of the issue and the attack taking advantage of it: http://eprint.iacr.org/2016/594 http://eprint.iacr.org/2016/594.pdf Covered now by OpenSSL upstream security advisory and fixed in versions 1.0.1u and 1.0.2i. Constant time flag not preserved in DSA signing (CVE-2016-2178) =============================================================== Severity: Low Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida. External References: https://www.openssl.org/news/secadv/20160922.txt http://eprint.iacr.org/2016/594 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2017:0194 https://access.redhat.com/errata/RHSA-2017:0194 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0193 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2017:1659 https://access.redhat.com/errata/RHSA-2017:1659 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658 |