Bug 2182561 (CVE-2023-0465) - CVE-2023-0465 openssl: Invalid certificate policies in leaf certificates are silently ignored
Summary: CVE-2023-0465 openssl: Invalid certificate policies in leaf certificates are ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-0465
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2182590 2182567 2182568 2182569 2182570 2182571 2182572 2182573 2182574 2182575 2182589 2182591 2182592 2182593 2182594 2182595 2182596 2182597 2182598 2182599 2182600 2187429
Blocks: 2182416
TreeView+ depends on / blocked
 
Reported: 2023-03-29 03:17 UTC by Sandipan Roy
Modified: 2023-12-07 13:55 UTC (History)
55 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
Clone Of:
Environment:
Last Closed: 2023-06-22 03:26:42 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3722 0 None None None 2023-06-21 14:38:59 UTC
Red Hat Product Errata RHSA-2023:7622 0 None None None 2023-12-07 12:18:04 UTC
Red Hat Product Errata RHSA-2023:7623 0 None None None 2023-12-07 12:37:20 UTC
Red Hat Product Errata RHSA-2023:7625 0 None None None 2023-12-07 13:49:12 UTC
Red Hat Product Errata RHSA-2023:7626 0 None None None 2023-12-07 13:55:27 UTC

Description Sandipan Roy 2023-03-29 03:17:16 UTC
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
https://www.openssl.org/news/secadv/20230328.txt

Comment 2 TEJ RATHI 2023-03-29 04:09:21 UTC
Created edk2 tracking bugs for this issue:

Affects: fedora-36 [bug 2182591]
Affects: fedora-37 [bug 2182596]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-36 [bug 2182592]
Affects: fedora-37 [bug 2182597]


Created openssl tracking bugs for this issue:

Affects: fedora-36 [bug 2182593]
Affects: fedora-37 [bug 2182598]


Created openssl1.1 tracking bugs for this issue:

Affects: fedora-36 [bug 2182594]
Affects: fedora-37 [bug 2182599]


Created openssl11 tracking bugs for this issue:

Affects: epel-7 [bug 2182589]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2182590]


Created shim tracking bugs for this issue:

Affects: fedora-36 [bug 2182595]
Affects: fedora-37 [bug 2182600]

Comment 5 errata-xmlrpc 2023-06-21 14:38:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3722 https://access.redhat.com/errata/RHSA-2023:3722

Comment 6 Product Security DevOps Team 2023-06-22 03:26:38 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0465

Comment 7 errata-xmlrpc 2023-12-07 12:17:59 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.7 on RHEL 7
  Red Hat JBoss Web Server 5.7 on RHEL 8
  Red Hat JBoss Web Server 5.7 on RHEL 9

Via RHSA-2023:7622 https://access.redhat.com/errata/RHSA-2023:7622

Comment 8 errata-xmlrpc 2023-12-07 12:37:15 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server

Via RHSA-2023:7623 https://access.redhat.com/errata/RHSA-2023:7623

Comment 9 errata-xmlrpc 2023-12-07 13:49:07 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625

Comment 10 errata-xmlrpc 2023-12-07 13:55:22 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626


Note You need to log in before you can comment on or make changes to this bug.