Bug 1752095 (CVE-2019-1549)

Summary: CVE-2019-1549 openssl: information disclosure in fork()
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, cfergeau, chazlett, csutherl, darran.lofthouse, dosoudil, erik-fedora, fidencio, gzaronik, iweiss, jawilson, jclere, jorton, jperkins, krathod, ktietz, kwills, lgao, lmorse, marcandre.lureau, mbabacek, msochure, msvehla, mturk, myarboro, nwallace, pmackay, psotirop, rguimara, rh-spice-bugs, rjones, rsvoboda, smaestri, tmraz, tom.jenkinson, twalsh, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-06 22:32:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1752096, 1752097, 1752098, 1752337    
Bug Blocks: 1752105    

Description Dhananjay Arunesh 2019-09-13 17:08:10 UTC 
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was
intended to include protection in the event of a fork() system call in order to
ensure that the parent and child processes did not share the same RNG state.
However this protection was not being used in the default case. A partial
mitigation for this issue is that the output from a high precision timer is
mixed into the RNG state so the likelihood of a parent and child process sharing
state is significantly reduced. If an application already calls
OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem
does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).

Reference:
https://www.openssl.org/news/secadv/20190910.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
Comment 1 Dhananjay Arunesh 2019-09-13 17:08:58 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1752096]
Affects: fedora-all [bug 1752098]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1752097]
Comment 2 Huzaifa S. Sidhpurwala 2019-09-16 06:12:46 UTC 
OpenSSL 1.1.1 introduced a new Random number generator which is referred to as "Grand redesign of the OpenSSL random generator
" and described in https://www.openssl.org/news/cl111.txt

Also a part of the new design was to ensure that after fork, the parent and the child did not share the same RNG state which could result in same random numbers being generated by both of them. However this was not switched on by default unless the application called OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK.

This is not a very significant security issue, mainly because output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced.
Comment 8 Kunjan Rathod 2019-11-14 23:04:02 UTC 
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat Enterprise Application Platform 5
 * Red Hat JBoss Enterprise Web Server 2
 * Red Hat JBoss Web Server 3
 

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Comment 10 Laurie Morse 2020-03-04 21:08:37 UTC 
This keeps coming up with our services teams needing the fixed versions of OpenSSL.  There are several CVEs that are involved ...
CVE-2019-1547 - Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVE-2019-1549 - Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
CVE-2019-1551 - Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).
CVE-2019-1563 - Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Our images installed with OpenSSL show the following ...
Based on registry.access.redhat.com/ubi7/ubi-minimal - Need OpenSSL 1.0.2t or 1.0.2u-dev in ubi-7/x86_64 Red Hat Universal Base Image 7 Server (RPMs)
[root@4c866ac08b81 /]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
Based on registry.access.redhat.com/ubi8/ubi-minimal - Need OpenSSL 1.1.1d or 1.1.1e-dev in ubi-8-baseos Red Hat Universal Base Image 8 (RPMs) - BaseOS
[root@6ad506124398 /]# openssl version
OpenSSL 1.1.1c FIPS  28 May 2019

Having these upgrades will solve a lot of these issues for us.  When can we expect the OpenSSL packages upgraded?
Comment 11 errata-xmlrpc 2020-04-06 19:10:18 UTC 
This issue has been addressed in the following products:

  JBoss Core Services Apache HTTP Server 2.4.37 SP2

Via RHSA-2020:1336 https://access.redhat.com/errata/RHSA-2020:1336
Comment 12 errata-xmlrpc 2020-04-06 19:27:05 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6
  JBoss Core Services on RHEL 7

Via RHSA-2020:1337 https://access.redhat.com/errata/RHSA-2020:1337
Comment 13 Product Security DevOps Team 2020-04-06 22:32:03 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1549
Comment 14 errata-xmlrpc 2020-04-28 15:58:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1840 https://access.redhat.com/errata/RHSA-2020:1840
Comment 15 Fedora Update System 2020-05-29 00:57:05 UTC 
FEDORA-EPEL-2020-ff94ccbdec has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.