Bug 1760843 (CVE-2019-14859)

Summary: CVE-2019-14859 python-ecdsa: DER encoding is not being verified in signatures
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apevec, bbuckingham, bcourt, bkearney, btotty, dajohnso, dfediuck, dmetzger, eedri, gblomqui, gmccullo, gtanzill, hhudgeon, hkario, hvyas, jhardy, jjoyce, jprause, jschluet, kdixon, lhh, lpeer, lzap, mburns, mgoldboi, michal.skrivanek, mmccune, orion, rchan, rjerrido, roliveri, sbonazzo, sclewis, sherold, simaishi, sisharma, slinaber, slong, spacewar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: python-ecdsa 0.13.3 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-25 22:11:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1760844, 1760845, 1764505, 1764506, 1817095    
Bug Blocks: 1760846    

Description Pedro Sampaio 2019-10-11 13:09:02 UTC
A flaw was found in python-ecdsa before 0.13.3. The library is not verifying if the signatures actually use DER encoding for the signatures. This makes the signatures malleable and exposes use cases that further sign the signatures. In particular bitcoin. 

Upstream issue:

https://github.com/warner/python-ecdsa/issues/114

Upstream patch:

https://github.com/warner/python-ecdsa/pull/115
https://github.com/warner/python-ecdsa/pull/124

References:

https://en.bitcoinwiki.org/wiki/Transaction_Malleability

Comment 1 Pedro Sampaio 2019-10-11 13:09:23 UTC
Created python-ecdsa tracking bugs for this issue:

Affects: epel-all [bug 1760845]
Affects: fedora-all [bug 1760844]

Comment 14 Doran Moppert 2021-03-04 07:04:49 UTC
Statement:

Although Red Hat OpenStack Platform ships the flawed code, RHOSP does not actually use python-ecdsa's functionality. As such, Red Hat OpenStack Platform will not be providing a fix for python-ecdsa at this time.

Red Hat CloudForms 5.9, 5.10 and 5.11 is not affected as these versions no longer ship the python-ecdsa library. Only CloudForms 5.8, which is now EOL, delivered the python-ecdsa library.

Current releases of Red Hat Virtualization Manager no longer include python-ecdsa as a dependency.  While it remains available in repositories as a legacy dependency, it is not installed by default and its use is not recommended.

Current releases of Red Hat Satellite no longer include python-ecdsa as a dependency.  While it remains available in repositories as a legacy dependency, it is not installed by default and its use is not recommended.

Comment 28 errata-xmlrpc 2021-11-16 14:07:42 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.10 for RHEL 7

Via RHSA-2021:4702 https://access.redhat.com/errata/RHSA-2021:4702