Bug 1385723 (CVE-2016-5542) - CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
Status: CLOSED ERRATA
Alias: CVE-2016-5542
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Blocks: 1381992
Reported: 2016-10-17 15:04 UTC by Tomas Hoger
Modified: 2021-02-17 03:10 UTC (History)
Doc Text:
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify the content of a JAR file that used a weak signing key or hash algorithm.
Last Closed: 2017-01-13 08:12:30 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2079 0 normal SHIPPED_LIVE Critical: java-1.8.0-openjdk security update 2016-10-19 18:58:57 UTC
Red Hat Product Errata RHSA-2016:2088 0 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-14 22:30:51 UTC
Red Hat Product Errata RHSA-2016:2089 0 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2017-12-14 22:42:23 UTC
Red Hat Product Errata RHSA-2016:2090 0 normal SHIPPED_LIVE Important: java-1.6.0-sun security update 2017-12-14 20:03:08 UTC
Red Hat Product Errata RHSA-2016:2136 0 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2016-11-02 15:06:24 UTC
Red Hat Product Errata RHSA-2016:2137 0 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2016-11-02 15:05:59 UTC
Red Hat Product Errata RHSA-2016:2138 0 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2016-11-02 15:05:40 UTC
Red Hat Product Errata RHSA-2016:2658 0 normal SHIPPED_LIVE Important: java-1.7.0-openjdk security update 2016-11-07 18:27:12 UTC
Red Hat Product Errata RHSA-2016:2659 0 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2016-11-07 14:05:44 UTC
Red Hat Product Errata RHSA-2017:0061 0 normal SHIPPED_LIVE Important: java-1.6.0-openjdk security update 2017-01-13 05:00:28 UTC
Red Hat Product Errata RHSA-2017:1216 0 normal SHIPPED_LIVE Moderate: java-1.7.1-ibm security update 2017-05-09 20:41:26 UTC

Description Tomas Hoger 2016-10-17 15:04:51 UTC
It was discovered that the Libraries component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification.  This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm.

The fix for this issue adds a new security property - jdk.jar.disabledAlgorithms - which defines a set of algorithms not allowed to be used during Jar verification.  The MD2 hash algorithm and RSA keys with less than 1024 bits are disabled by default.  Future updates are also expected to disable the MD5 hash algorithm by default.

Comment 1 Tomas Hoger 2016-10-18 18:55:52 UTC
This change has the following entry in the release notes for Oracle JDK 8u111, 7u121, and 6u131:

http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_121
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_131

  Restrict JARs signed with weak algorithms and keys

  This JDK release introduces new restrictions on how signed JAR files are
  verified. If the signed JAR file uses a disabled algorithm or key size less
  than the minimum length, signature verification operations will ignore the
  signature and treat the JAR file as if it were unsigned. This can
  potentially occur in the following types of applications that use signed
  JAR files:

  1. Applets or Web Start Applications
  2. Standalone or Server Applications run with a SecurityManager enabled
  and that are configured with a policy file that grants permissions based
  on the code signer(s) of the JAR.


  The list of disabled algorithms is controlled via a new security property,
  jdk.jar.disabledAlgorithms, in the java.security file. This property
  contains a list of disabled algorithms and key sizes for cryptographically
  signed JAR files.

  The following algorithms and key sizes are restricted in this release:

  MD2 (in either the digest or signature algorithm)
  RSA keys less than 1024 bits 

  NOTE: We are planning to restrict MD5-based signatures in signed JARs in
  the January 2017 CPU.

  To check if a weak algorithm or key was used to sign a JAR file, you can
  use the jarsigner binary that ships with this JDK. Running jarsigner
  -verify -J-Djava.security.debug=jar on a JAR file signed with a weak
  algorithm or key will print more information about the disabled algorithm
  or key.

  For example, to check a JAR file named test.jar, use the following command:

  jarsigner -verify -J-Djava.security.debug=jar test.jar

  If the file in this example was signed with a weak signature algorithm like
  MD2withRSA, the following output would be displayed:

  jar: beginEntry META-INF/my_sig.RSA
  jar: processEntry: processing block
  jar: processEntry caught: java.security.SignatureException: Signature check
    failed. Disabled algorithm used: MD2withRSA
  jar: done with meta!

  The updated jarsigner command will exit with the following warning printed
  to standard output:
  "Signature not parsable or verifiable. The jar will be treated as unsigned.
  The jar may have been signed with a weak algorithm that is now disabled.
  For more information, rerun jarsigner with debug enabled
  (-J-Djava.security.debug=jar)"

  To address the issue, the JAR file will need to be re-signed with a
  stronger algorithm or key size.

  Alternatively, the restrictions can be reverted by removing the applicable
  weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security
  property; however, this option is not recommended. Before re-signing
  affected JAR files, the existing signature(s) should be removed from the
  JAR. This can be done with the zip utility, as follows:

  zip -d test.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'

  Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at
  http://java.com/cryptoroadmap for planned restrictions to signed JAR files
  and other security components. In particular, please note the current plan
  is to restrict MD5-based signatures in signed JAR files in the January
  2017 CPU.

  To test if your JARs have been signed with MD5, add MD5 to the
  jdk.jar.disabledAlgorithms security property, ex:

  jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

  and then run jarsigner -verify -J-Djava.security.debug=jar on your JAR
  files as described above.

  JDK-8155973 (not public)
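
As an added example (not code from this bug report, Oracle or OpenJDK), the following Python models the jdk.jar.disabledAlgorithms value quoted in comment 1 and flags disabled digest names in a JAR's META-INF/MANIFEST.MF and .SF files, which lets an inventory of JARs be triaged before the MD5 restriction lands. It assumes only the "keySize <" form shown above and does no algorithm-alias normalization; the function names and the sample JAR are constructed for illustration, and jarsigner -verify remains the authoritative check.

```python
import io
import re
import zipfile

DEFAULT = "MD2, RSA keySize < 1024"        # defaults stated in the release note
WITH_MD5 = "MD2, MD5, RSA keySize < 1024"  # the release note's MD5 test value
DIGEST_ATTR = re.compile(r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)

def parse_disabled(prop):
    """Split a property value into disabled names and 'keySize <' limits."""
    names, limits = set(), {}
    for item in prop.split(","):
        m = re.fullmatch(r"\s*(\S+)\s+keySize\s*<\s*(\d+)\s*", item)
        if m:
            limits[m.group(1).upper()] = int(m.group(2))
        elif item.strip():
            names.add(item.strip().upper())
    return names, limits

def is_disabled(sig_alg, key_bits, prop):
    """Return a reason if a signature algorithm or its key size is restricted, else None."""
    names, limits = parse_disabled(prop)
    for part in (p.upper() for p in re.split("with", sig_alg, flags=re.I)):
        if part in names:  # e.g. MD2withRSA is checked as MD2 and RSA
            return "disabled algorithm " + part
        if part in limits and key_bits < limits[part]:
            return "%s key of %d bits is below %d" % (part, key_bits, limits[part])
    return None

def weak_digests(jar_bytes, prop):
    """List (entry, digest) pairs from MANIFEST.MF and *.SF whose digest name is disabled."""
    names = parse_disabled(prop)[0]
    found = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            if re.fullmatch(r"META-INF/(MANIFEST\.MF|[^/]+\.SF)", entry, re.I):
                text = jar.read(entry).decode("utf-8", "replace")
                found += [(entry, d) for d in sorted(set(DIGEST_ATTR.findall(text))) if d.upper() in names]
    return found

def build_sample_jar():  # constructed sample; the digest values are dummies
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\nName: A.class\r\nMD5-Digest: AAAA\r\n\r\n")
        jar.writestr("META-INF/MY_SIG.SF", "Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: BBBB\r\n\r\nName: A.class\r\nMD5-Digest: CCCC\r\n\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(is_disabled("MD2withRSA", 2048, DEFAULT), weak_digests(build_sample_jar(), WITH_MD5))
```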

Comment 2 Tomas Hoger 2016-10-18 20:10:30 UTC
Public now via Oracle CPU October 2016, fixed in Oracle JDK 8u111, 7u121, and 6u131.

External References:

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA

Comment 4 errata-xmlrpc 2016-10-19 15:19:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:2079 https://rhn.redhat.com/errata/RHSA-2016-2079.html

Comment 5 errata-xmlrpc 2016-10-20 12:38:50 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:2088 https://rhn.redhat.com/errata/RHSA-2016-2088.html

Comment 6 errata-xmlrpc 2016-10-20 12:49:34 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:2090 https://rhn.redhat.com/errata/RHSA-2016-2090.html

Comment 7 errata-xmlrpc 2016-10-20 12:50:34 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:2089 https://rhn.redhat.com/errata/RHSA-2016-2089.html

Comment 8 errata-xmlrpc 2016-11-02 18:21:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Supplementary

Via RHSA-2016:2138 https://rhn.redhat.com/errata/RHSA-2016-2138.html

Comment 9 errata-xmlrpc 2016-11-02 18:21:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary
  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2016:2137 https://rhn.redhat.com/errata/RHSA-2016-2137.html

Comment 10 errata-xmlrpc 2016-11-02 18:22:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary
  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2016:2136 https://rhn.redhat.com/errata/RHSA-2016-2136.html

Comment 11 errata-xmlrpc 2016-11-07 09:06:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Supplementary
  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2016:2659 https://rhn.redhat.com/errata/RHSA-2016-2659.html

Comment 12 errata-xmlrpc 2016-11-07 13:28:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2016:2658 https://rhn.redhat.com/errata/RHSA-2016-2658.html

Comment 13 errata-xmlrpc 2017-01-13 00:01:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2017:0061 https://rhn.redhat.com/errata/RHSA-2017-0061.html

Comment 14 errata-xmlrpc 2017-05-09 16:42:02 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.6
  Red Hat Satellite 5.7

Via RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216

