Bug 1443097 (CVE-2017-3539)
Summary: | CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bkearney, dbhole, jvanek, meissner, security-response-team, taw, thomas, tlestach, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-05-10 13:46:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1438752 |
Description
Tomas Hoger
2017-04-18 13:04:02 UTC
Relevant entry in the Oracle JDK release notes: http://www.oracle.com/technetwork/java/javase/8u131-relnotes-3565278.html http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_141 http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_151 security-libs/java.security MD5 added to jdk.jar.disabledAlgorithms Security property This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files: * Applets or Web Start Applications * Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file. The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files. To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key. For example, to check a JAR file named test.jar, use the following command: jarsigner -verify test.jar If the file in this example was signed with a weak signature algorithm like MD5withRSA, the following output would be displayed: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled. Re-run jarsigner with the -verbose option for more details. More details can be displayed by using the verbose option: jarsigner -verify -verbose test.jar The following output would be displayed: - Signed by "CN=weak_signer" Digest algorithm: MD5 (weak) Signature algorithm: MD5withRSA (weak), 512-bit key (weak) Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA256withRSA, 2048-bit key To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size. Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security property; however, this option is not recommended. Before re-signing affected JARs, the existing signature(s) should be removed from the JAR file. This can be done with the .zip utility, as follows: zip -d test.jar 'META-INF/.SF' 'META-INF/.RSA' 'META-INF/*.DSA' Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JARs and other security components. JDK-8171121 (not public) Public now via Oracle CPU April 20167, fixed in Oracle JDK 8u131, 7u141, and 6u151. External References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA OpenJDK8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1f2ff3f1882a This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1109 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1108 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1118 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1117 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1119 https://access.redhat.com/errata/RHSA-2017:1119 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:1204 https://access.redhat.com/errata/RHSA-2017:1204 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:1222 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1221 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1220 This issue has been addressed in the following products: Red Hat Satellite 5.8 Red Hat Satellite 5.8 ELS Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453 |