Bug 1849734 (CVE-2020-13962)

Summary: CVE-2020-13962 qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications
Product: [Other] Security Response
Reporter: Michael Kaplan <mkaplan>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: chkr, helio, j.golderer, jgrulich, johnhatestrash, rdieter
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: QT 5.12.9, QT 5.14.3, QT 5.15.0 Beta4
Last Closed: 2020-11-04 02:26:10 UTC
Bug Depends On: 1849735, 1849737, 1851538
Bug Blocks: 1849738

Description Michael Kaplan 2020-06-22 16:58:27 UTC
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)


Upstream Bug:

https://bugreports.qt.io/browse/QTBUG-83450

References:

https://github.com/mumble-voip/mumble/issues/3679
https://github.com/mumble-voip/mumble/pull/4032

Comment 1 Michael Kaplan 2020-06-22 16:58:43 UTC
Created mumble tracking bugs for this issue:

Affects: fedora-all [bug 1849735]

Comment 2 Michael Kaplan 2020-06-22 16:59:41 UTC
Created qt5 tracking bugs for this issue:

Affects: fedora-all [bug 1849737]

Comment 4 Todd Cullum 2020-06-26 21:07:20 UTC
Technical Summary:

qt5-qtbase calls q_SSL_shutdown() in QSslSocketBackendPrivate::destroySslContext() from src/network/ssl/qsslsocket_openssl.cpp without checking that it is not in the middle of an SSL handshake. Calling q_SSL_shutdown() during a handshake creates an OpenSSL error that is not handled by Qt5, and closes connections, even in other QSslSockets.

> Error while reading: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [20]

The patch introduces a function q_SSL_in_init() to ensure there is no active handshake and checks for any SSL errors before calling q_SSL_shutdown(). This flaw could lead to a denial of service in both the connection that called q_SSL_shutdown() and any other open connections with other clients. In order for an application to be vulnerable, it would need to utilize the SSL/TLS functionality of qt5-qtcore 5.12.2 through 5.14.2.

Upstream patch: https://codereview.qt-project.org/c/qt/qtbase/+/297149
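
The cross-session effect described in Comment 4, as a stand-alone C model (an added example, not code from Qt, OpenSSL or any commenter on this bug). All names are hypothetical; the only OpenSSL behaviour assumed is that the error queue is per thread and that a non-empty queue makes a later I/O result on any session classify as a fatal SSL error.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: hypothetical names, not the OpenSSL or Qt API. */
enum { Q_EMPTY = 0, Q_SHUTDOWN_WHILE_IN_INIT = 1 };
enum io_result { IO_WANT_READ, IO_FATAL };

/* in_init: handshake not finished; error_seen: an SSL error was already detected. */
struct session { bool in_init; bool error_seen; };

/* One error queue per thread, shared by every session on that thread.
   A single slot is enough to model the leak. */
static int thread_err_queue = Q_EMPTY;

/* Stand-in for SSL_shutdown(): mid-handshake it fails and queues an error. */
static int model_shutdown(const struct session *s) {
    if (s->in_init) { thread_err_queue = Q_SHUTDOWN_WHILE_IN_INIT; return -1; }
    return 1;
}

/* Stand-in for classifying a read that returned no data: with a non-empty
   queue the harmless "want read" is reported as a fatal SSL error. */
static enum io_result model_read_no_data(const struct session *s) {
    (void)s;  /* the verdict depends on the thread's queue, not the session */
    return thread_err_queue != Q_EMPTY ? IO_FATAL : IO_WANT_READ;
}

/* Teardown without the state check: shutdown regardless of handshake state. */
static void teardown_unguarded(const struct session *s) { model_shutdown(s); }

/* Teardown with the guard Comment 4 describes. */
static void teardown_guarded(const struct session *s) {
    if (!s->in_init && !s->error_seen) model_shutdown(s);
}

/* Session A is torn down mid-handshake; returns what the established,
   unrelated session B then sees on its next read. */
static enum io_result bystander_result(bool guarded) {
    struct session a = { .in_init = true,  .error_seen = false };
    struct session b = { .in_init = false, .error_seen = false };
    thread_err_queue = Q_EMPTY;
    if (guarded) teardown_guarded(&a); else teardown_unguarded(&a);
    return model_read_no_data(&b);
}

int main(void) {
    printf("unguarded: %s\n", bystander_result(false) == IO_FATAL ? "B dropped" : "B ok");
    printf("guarded:   %s\n", bystander_result(true)  == IO_FATAL ? "B dropped" : "B ok");
    return 0;
}
```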

Comment 5 Todd Cullum 2020-06-26 21:10:27 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 8 Product Security DevOps Team 2020-11-04 02:26:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-13962

Comment 9 errata-xmlrpc 2020-11-04 03:02:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4690 https://access.redhat.com/errata/RHSA-2020:4690