Bug 1416852 (CVE-2017-3731)
Summary: | CVE-2017-3731 openssl: Truncated packet could crash via OOB read | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apmukher, bbaranow, bmaxwell, bmcclain, bugzilla-redhat, cdewolf, cfergeau, chazlett, csutherl, dandread, darran.lofthouse, dblechte, dimitris, dosoudil, eedri, erik-fedora, fgavrilo, fnasser, gzaronik, hasuzuki, huwang, jawilson, jclere, jondruse, jshepherd, kfujii, ktietz, lersek, lgao, lsurette, marcandre.lureau, mbabacek, mgoldboi, michal.skrivanek, msugaya, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, redhat-bugzilla, rh-spice-bugs, rjones, rnetuka, rstancel, rsvoboda, sardella, slawomir, srevivo, tmraz, twalsh, vtunka, weli, ykaul, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.0.2k, openssl 1.1.0d | Doc Type: | If docs needed, set a value |
Doc Text: |
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:06:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1416864, 1416865, 1416866, 1416867, 1417552, 1418964, 1418965, 1418966, 1420893, 1420894 | ||
Bug Blocks: | 1416858 |
Description
Andrej Nemec
2017-01-26 15:35:26 UTC
Upstream commits: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2198b3a55de681e1f3c23edb0586afe13f438051 https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8e20499629b6bcf868d0072c7011e590b5c2294d Created openssl101e tracking bugs for this issue: Affects: epel-5 [bug 1416866] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1416864] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1416865] Affects: epel-7 [bug 1416867] Also note that for 1.0.1e the upstream fix is insufficient - the check for return value from EVP_CTRL_AEAD_TLS1_AAD has to be added in t1_enc.c. (In reply to Tomas Mraz from comment #9) > Also note that for 1.0.1e the upstream fix is insufficient - the check for > return value from EVP_CTRL_AEAD_TLS1_AAD has to be added in t1_enc.c. This was added upstream as part of this commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=1a3701f4fe0530a40ec073cd78d02cfcc26c0f8e#patch7 The root cause here is integer underflow, which leads to out of bounds read, possibly resulting in crash. Upstream advisory lists the following affected use cases: - When CHACHA20/POLY1305 cipher suites are used. Those are not supported by openssl packages as shipped with current versions of Red Hat products. - When RC4-MD5 cipher suite is used. This cipher is supported and enabled by default. Problem can be mitigated by disabling this cipher in configuration of an application using OpenSSL (if the application allows that). This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:0286 https://rhn.redhat.com/errata/RHSA-2017-0286.html This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 |