Bug 1763310 (CVE-2019-17596)

Summary: CVE-2019-17596 golang: invalid public key causes panic in dsa.Verify
Product: [Other] Security Response Reporter: kat <kbost>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: admiller, amctagga, amurdaca, anharris, aos-bugs, asm, bmontgom, bniver, bodavis, deparker, emachado, eparis, flucifre, gmeno, hchiramm, huzaifas, hvyas, jburrell, jcajka, jmulligan, jokerman, jpadman, law, lemenkov, madam, maszulik, mbenjamin, mfojtik, mhackett, mkaplan, mnewsome, nstielau, puebele, renich, rhs-bugs, rphillips, sisharma, sponnaga, storage-qa-internal, tstellar, vbatts, vbellur, vereddy
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: go 1.13.2, go 1.12.11 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-14 14:09:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1883645, 1763311, 1763312, 1763977, 1763978, 1773500, 1773501, 1785346, 1785389, 1785664, 1793812    
Bug Blocks: 1763314    

Description kat 2019-10-18 18:13:50 UTC 
As announced by Go upstream on 2019-10-17: Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don’t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected.

Moreover, an application might crash invoking crypto/x509.(*CertificateRequest) CheckSignature on an X.509 certificate request, parsing a golang.org/x/crypto/openpgp Entity, or during a golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key.

Upstream bug:
https://github.com/golang/go/issues/34960
Comment 1 kat 2019-10-18 18:14:03 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 1763311]
Affects: fedora-all [bug 1763312]
Comment 2 Huzaifa S. Sidhpurwala 2019-10-22 05:51:05 UTC 
Upstream bug: https://github.com/golang/go/issues/34960
Patch for 1.12 branch: https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73
Patch for 1.13 branch: https://github.com/golang/go/commit/4cabf6992e98f74a324e6f814a7cb35e41b05f25
Comment 4 Huzaifa S. Sidhpurwala 2019-10-22 06:11:31 UTC 
Analysis:

This is essentially a crash caused when verifying specially crafted DSA public certificates. As per upstream: "Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don’t chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected."

Similarly checking signatures on specially crafted  X.509 certificates, or verifying specially crafted ssh host keys may also cause a crash.
Comment 5 Huzaifa S. Sidhpurwala 2019-10-22 06:39:12 UTC 
External References:

https://groups.google.com/forum/#!msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
Comment 7 errata-xmlrpc 2020-01-14 08:44:22 UTC 
This issue has been addressed in the following products:

  Red Hat Developer Tools

Via RHSA-2020:0101 https://access.redhat.com/errata/RHSA-2020:0101
Comment 8 Product Security DevOps Team 2020-01-14 14:09:33 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-17596
Comment 9 errata-xmlrpc 2020-02-04 10:35:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0329 https://access.redhat.com/errata/RHSA-2020:0329