Bug 1180184 - (CVE-2015-0204, FREAK) CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: medium; Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20150106,repor...
: Security
Depends On: 1180189 1181014 1181015 1181016 1181017 1181018 1182870 1182871 1182872 1202953 1293298
Blocks: 1180194 1192260 1192263 1212496
Reported: 2015-01-08 10:14 EST by Vasyl Kaigorodov
Modified: 2017-06-19 07:27 EDT
Fixed In Version: OpenSSL 1.0.1k, OpenSSL 1.0.0p, OpenSSL 0.9.8zd
Doc Type: Bug Fix
Doc Text:
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0066 normal SHIPPED_LIVE Moderate: openssl security update 2015-01-21 21:28:18 EST
Red Hat Product Errata RHSA-2015:0800 normal SHIPPED_LIVE Moderate: openssl security update 2015-04-13 11:54:05 EDT
Red Hat Product Errata RHSA-2015:0849 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update 2015-04-16 15:39:06 EDT
Red Hat Product Errata RHSA-2016:1650 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server 2.1.1 security update 2016-08-22 18:07:23 EDT

Description Vasyl Kaigorodov 2015-01-08 10:14:13 EST
New release of OpenSSL [1] fixes the following issue:

OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Upstream patches:
- master: https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0
- 0.9.8: https://github.com/openssl/openssl/commit/72f181539118828ca966a0f8d03f6428e2bcf0d6
- 1.0.1: https://github.com/openssl/openssl/commit/37580f43b5a39f5f4e920d17273fab9713d3a744

[1]: https://www.openssl.org/news/changelog.html
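
The client-side rule this report describes, as an added example that is not part of the original report and is not OpenSSL's code: a simplified C model of a client deciding whether to accept a temporary RSA key sent in ServerKeyExchange. The suite table, struct and function names are assumptions made for illustration; the suite IDs are the IANA-registered values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum kx { KX_RSA, KX_DHE };               /* key-exchange family */
struct suite { uint16_t id; const char *name; enum kx kx; int is_export; };

/* Constructed sample table (hypothetical layout, real IANA suite IDs). */
static const struct suite SUITES[] = {
    { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5",    KX_RSA, 1 },
    { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", KX_RSA, 1 },
    { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA",      KX_RSA, 0 },
    { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  KX_DHE, 0 },
};
#define N_SUITES (sizeof SUITES / sizeof SUITES[0])

static const struct suite *find_suite(uint16_t id) {
    for (size_t i = 0; i < N_SUITES; i++)
        if (SUITES[i].id == id) return &SUITES[i];
    return NULL;                          /* unknown suite: never accept */
}

/* Behaviour the report describes as the flaw: a temporary RSA key is
 * tolerated for any RSA key-exchange suite, export or not. 1 = accept. */
int accept_tmp_rsa_tolerant(uint16_t negotiated) {
    const struct suite *s = find_suite(negotiated);
    return s != NULL && s->kx == KX_RSA;
}

/* Rule from the bug title: only export suites may carry an ephemeral
 * RSA key; for every other suite the message is a protocol violation
 * and the handshake is rejected (0). */
int accept_tmp_rsa_strict(uint16_t negotiated) {
    const struct suite *s = find_suite(negotiated);
    return s != NULL && s->kx == KX_RSA && s->is_export;
}

int main(void) {
    for (size_t i = 0; i < N_SUITES; i++)
        printf("%-34s tolerant=%d strict=%d\n", SUITES[i].name,
               accept_tmp_rsa_tolerant(SUITES[i].id),
               accept_tmp_rsa_strict(SUITES[i].id));
    return 0;
}
```

The only row where the two functions differ is the non-export RSA suite, which is the case the upstream fix closes.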
Comment 1 Vasyl Kaigorodov 2015-01-08 10:22:15 EST
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1180189]
Comment 5 Huzaifa S. Sidhpurwala 2015-01-15 23:08:29 EST
Statement:

This issue affects versions of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7. Errata have been released to correct this issue.

This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the openssl098e component in any future security updates.

This issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Comment 7 errata-xmlrpc 2015-01-21 16:28:49 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:0066 https://rhn.redhat.com/errata/RHSA-2015-0066.html
Comment 10 Huzaifa S. Sidhpurwala 2015-03-04 05:44:28 EST
The Red Hat Product Security team initially classified this as having low security impact, but after more details about the issue and the possible attack scenarios became clear, we re-classified it as a moderate impact security issue.
Comment 11 Tomas Hoger 2015-03-04 06:59:34 EST
This issue got dubbed FREAK (Factoring RSA Export Keys).  Further details can be found in:

https://www.smacktls.com/#freak
http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
Comment 12 Matt Wilkinson 2015-03-04 10:31:07 EST
Is there going to be a patch for RHEL 5? It looks like there are fixes for this in RHEL 6 and 7 but not yet for RHEL 5, at least not that I can find.
Comment 13 Robert Scheck 2015-03-05 11:49:17 EST
Huzaifa, are there still no plans for an update for RHEL 5 even though this has
been re-classified in the meantime?
Comment 14 Matt Goldman 2015-03-05 12:06:31 EST
Matt, Robert:

RHEL 5 has entered Production Phase 3 as of January 31, 2014. As per our errata policy:
    
    "During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available."
    Red Hat Enterprise Linux Life Cycle
    https://access.redhat.com/support/policy/updates/errata#Production_3_Phase

This means that Red Hat will not be addressing Low, Moderate, or High impact CVEs in relation to RHEL 5.
Comment 15 john.haxby@oracle.com 2015-03-05 12:17:55 EST
I have some sympathy with comment #14.  This is not a serious problem and all the screaming in the popular press (just search Google for "openssl freak") doesn't make it serious either.  Mind you, some of the popular press makes it sound like Armageddon all over again.
Comment 16 errata-xmlrpc 2015-04-13 07:54:11 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:0800 https://rhn.redhat.com/errata/RHSA-2015-0800.html
Comment 17 Robert Scheck 2015-04-13 09:12:27 EDT
May somebody explain how comment #16 works together with comment #14, please?
Comment 18 Ján Rusnačko 2015-04-13 09:26:09 EDT
(In reply to Robert Scheck from comment #17)
> May somebody explain how comment #16 works together with comment #14, please?
Please read the statement in comment 5, it is updated and should explain the current status.
Comment 22 Tomas Hoger 2015-04-15 11:07:09 EDT
This issue is now listed as fixed in Oracle Java SE 5.0u85 and 6u95:

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA

According to the release notes:

http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#bugfixes-6u95

  Area: security-libs/javax.net.ssl
  Synopsis: The EXPORT suites have been removed from the default enabled
  ciphersuite list.

  The EXPORT strength ciphersuites (such as SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
  SSL_RSA_EXPORT_WITH_RC4_40_MD5) were recently shown as too weak to be
  practically used in secure communications. They are no longer enabled by
  default.

  See 8074458 (not public).

The actual change is the removal of EXPORT cipher suites from the set of cipher suites enabled by default.  Hence CVE-2015-0204 is incorrectly used for Oracle JDK, as there is the following note in the CVE-2015-0204 description:

  NOTE: the scope of this CVE is only client code based on OpenSSL, not
  EXPORT_RSA issues associated with servers or other TLS implementations.
Comment 23 errata-xmlrpc 2015-04-16 11:39:18 EDT
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 6.4.0

Via RHSA-2015:0849 https://rhn.redhat.com/errata/RHSA-2015-0849.html
Comment 29 errata-xmlrpc 2016-08-22 14:08:32 EDT
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 2.1.1

Via RHSA-2016:1650 https://rhn.redhat.com/errata/RHSA-2016-1650.html
