Bug 1561266 (CVE-2018-0739)

Summary: CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apmukher, bmaxwell, cdewolf, chazlett, csutherl, darran.lofthouse, deesharm, dimitris, dosoudil, erik-fedora, fgavrilo, gzaronik, hasuzuki, jawilson, jclere, jondruse, jorton, kbost, ktietz, lersek, lgao, marcandre.lureau, mbabacek, m-suemitsu, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, rjones, rnetuka, rstancel, rsvoboda, slawomir, sstavrev, tmraz, twalsh, vtunka, weli, yiwu, yozone, zpytela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.1.0h, openssl 1.0.2o Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:18:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1561267, 1561268, 1561269, 1563285, 1563286, 1563287, 1563288, 1563289    
Bug Blocks: 1561270    

Description Sam Fowler 2018-03-28 01:16:17 UTC
OpenSSL versions 1.0.2 and 1.1.0 have a vulnerability in the handling of recursive ASN.1 structures. Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.


External References:

https://www.openssl.org/news/secadv/20180327.txt


Upstream Patches:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d

Comment 1 Sam Fowler 2018-03-28 01:17:08 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1561269]


Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1561267]

Comment 7 Fedora Update System 2018-04-09 13:26:57 UTC
compat-openssl10-1.0.2o-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2018-04-09 18:35:21 UTC
compat-openssl10-1.0.2o-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2018-04-09 19:09:15 UTC
compat-openssl10-1.0.2o-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 errata-xmlrpc 2018-10-30 07:35:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3090 https://access.redhat.com/errata/RHSA-2018:3090

Comment 12 errata-xmlrpc 2018-10-30 07:51:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221

Comment 13 errata-xmlrpc 2019-02-18 16:55:47 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366

Comment 14 errata-xmlrpc 2019-02-18 16:58:28 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6
  JBoss Core Services on RHEL 7

Via RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367

Comment 16 errata-xmlrpc 2019-07-09 12:54:58 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3 for RHEL 7
  Red Hat JBoss Web Server 3 for RHEL 6

Via RHSA-2019:1711 https://access.redhat.com/errata/RHSA-2019:1711

Comment 17 errata-xmlrpc 2019-07-09 13:56:21 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server

Via RHSA-2019:1712 https://access.redhat.com/errata/RHSA-2019:1712