Bug 1602752 - Possible tag truncation security bug in AEAD API
Summary: Possible tag truncation security bug in AEAD API
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-cryptography
Version: 28
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Jeremy Cline
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1602755
TreeView+ depends on / blocked
 
Reported: 2018-07-18 12:24 UTC by Christian Heimes
Modified: 2018-07-31 17:10 UTC (History)
7 users (show)

Fixed In Version: python-cryptography-2.3-1.fc28 python-cryptography-2.3-1.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1602755 (view as bug list)
Environment:
Last Closed: 2018-07-22 03:03:54 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github /pyca cryptography pull 4342 None None None 2018-07-18 12:24:57 UTC

Description Christian Heimes 2018-07-18 12:24:57 UTC
Description of problem:
The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Version-Release number of selected component (if applicable):
All versions between >=1.9.0 and <2.3
* python-cryptography-2.0.2-4.fc27
* python-cryptography-2.2.1-1.fc28
* python-cryptography-2.2.1-3.fc29

EL7 only contains python-cryptography-1.7.2-1.el7_4.1, so it's not affected.

How reproducible:
always

Additional info:
The issue was fixed by PR https://github.com/pyca/cryptography/pull/4342 and in upstream release 2.3 (released today). The security issue is already public knowledge.

Comment 1 Fedora Update System 2018-07-18 14:15:58 UTC
python-cryptography-2.3-1.fc28 python-cryptography-vectors-2.3-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9fe5e183e

Comment 2 Fedora Update System 2018-07-18 14:16:07 UTC
python-cryptography-2.3-1.fc27 python-cryptography-vectors-2.3-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6

Comment 3 Fedora Update System 2018-07-19 17:29:25 UTC
python-cryptography-2.3-1.fc27, python-cryptography-vectors-2.3-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-06c24068c6

Comment 4 Fedora Update System 2018-07-19 20:20:40 UTC
python-cryptography-2.3-1.fc28, python-cryptography-vectors-2.3-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9fe5e183e

Comment 5 Fedora Update System 2018-07-22 03:03:54 UTC
python-cryptography-2.3-1.fc28, python-cryptography-vectors-2.3-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2018-07-31 17:10:38 UTC
python-cryptography-2.3-1.fc27, python-cryptography-vectors-2.3-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.