The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: TLS clients consuming server certificates TLS servers consuming client certificates Hosting providers taking certificates or private keys from customers Certificate authorities parsing certification requests from subscribers Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. On the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. OpenSSL 1.0.2 users should upgrade to 1.0.2zd OpenSSL 1.1.1 users should upgrade to 1.1.1n OpenSSL 3.0 users should upgrade to 3.0.2 This issue was reported to OpenSSL on the 24th February 2022 by Tavis Ormandy from Google. The fix was developed by David Benjamin from Google and Tomáš Mráz from OpenSSL. OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20220315.txt Upstream patch: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://www.openssl.org/news/secadv/20220315.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 2064917] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 2064914] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 2064911] Created openssl1.1 tracking bugs for this issue: Affects: fedora-all [bug 2064918] Created openssl11 tracking bugs for this issue: Affects: epel-7 [bug 2064913] Created openssl3 tracking bugs for this issue: Affects: epel-8 [bug 2064915]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1065 https://access.redhat.com/errata/RHSA-2022:1065
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:1076 https://access.redhat.com/errata/RHSA-2022:1076
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:1073 https://access.redhat.com/errata/RHSA-2022:1073
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1071 https://access.redhat.com/errata/RHSA-2022:1071
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1066 https://access.redhat.com/errata/RHSA-2022:1066
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2022:1078 https://access.redhat.com/errata/RHSA-2022:1078
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2022:1077 https://access.redhat.com/errata/RHSA-2022:1077
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2022:1082 https://access.redhat.com/errata/RHSA-2022:1082
(In reply to errata-xmlrpc from comment #40) > This issue has been addressed in the following products: > > Red Hat Enterprise Linux 7.3 Advanced Update Support > > Via RHSA-2022:1082 https://access.redhat.com/errata/RHSA-2022:1082 That is not yet reflected in bz2067222. Seems to also apply to other errata, like the 7.4.z fix.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1091 https://access.redhat.com/errata/RHSA-2022:1091
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1112 https://access.redhat.com/errata/RHSA-2022:1112
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
Dear team, I see our errata for RHEL 7 only upgrades openssl to openssl-1.0.2k-25.el7_9 But the description of this CVE noted that 'OpenSSL 1.0.2 users should upgrade to 1.0.2zd' Is our RHSA-2022:1066 already fixes this CVE?
1.0.2zd is an upstream version, we normally don't rebase to a new upstream version on fixing CVE. We apply the patches fixing the vulnerability and increase our version. Yes, the patch was added to openssl-1.0.2k-25
Jace, please see this article on the topic of backporting security fixes: https://access.redhat.com/security/updates/backporting
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:1390 https://access.redhat.com/errata/RHSA-2022:1390
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:1389 https://access.redhat.com/errata/RHSA-2022:1389
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2022:1520 https://access.redhat.com/errata/RHSA-2022:1520
This issue has been addressed in the following products: Red Hat JBoss Web Server 5.6 on RHEL 7 Red Hat JBoss Web Server 5.6 on RHEL 8 Via RHSA-2022:1519 https://access.redhat.com/errata/RHSA-2022:1519
(In reply to errata-xmlrpc from comment #37) > This issue has been addressed in the following products: > > Red Hat Enterprise Linux 7 > > Via RHSA-2022:1066 https://access.redhat.com/errata/RHSA-2022:1066 This is super minor, but I just found it grepping the rpm changelog for this CVE. The changelog lists the CVE that was fixed as CVE-2022-2078 (which doesn't exist) instead of CVE-2022-0778. Here's what's in the changelog: * Wed Mar 23 2022 Dmitry Belyavskiy <dbelyavs> - 1:1.0.2k-25 - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Related: rhbz#2067160
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4899 https://access.redhat.com/errata/RHSA-2022:4899
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8 Via RHSA-2022:4956 https://access.redhat.com/errata/RHSA-2022:4956
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5326 https://access.redhat.com/errata/RHSA-2022:5326
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0778