wolfssl: CVE-2017-6076

Debian Bug report logs - #856114
wolfssl: CVE-2017-6076

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: wolfssl: CVE-2017-6076

Date: Sat, 25 Feb 2017 11:27:22 +0100

Source: wolfssl
Version: 3.9.10+dfsg-1
Severity: grave
Tags: upstream security patch fixed-upstream

Hi,

the following vulnerability was published for wolfssl.

CVE-2017-6076[0]:
| In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes
| it easier to extract RSA key information for a malicious user who has
| access to view cache on a machine.

From the release notes:

Low level fix for potential cache attack on RSA operations. If using
wolfSSL RSA on a server that other users can have access to monitor
the cache, then it is recommended to update wolfSSL. Thanks to Andreas
Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the
initial report.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6076
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6076
[1] https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d
[2] https://github.com/wolfSSL/wolfssl/pull/674

Regards,
Salvatore

Message #10 received at 856114@bugs.debian.org (full text, mbox, reply):

From: Felix Lechner <felix.lechner@lease-up.com>

To: 856114@bugs.debian.org

Cc: Salvatore Bonaccorso <carnil@debian.org>

Subject: Re: Bug#856114: wolfssl: CVE-2017-6076

Date: Sat, 25 Feb 2017 08:10:22 -0800

[Message part 1 (text/plain, inline)]

Hi Salvatore,

Thank you for your email. I would like to package the new version but
3.10.2 was not signed on GitHub. (Upstream recently added those signatures
for us.) The more recent release actually fixes two additional
vulnerabilities, with one being more serious. Details are in [0] and
replicated in part here:

This release of wolfSSL fixes 2 low and 1 medium level security
vulnerability.

Low level fix of buffer overflow for when loading in a malformed temporary
DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung
Research America for the report.

Medium level fix for processing of OCSP response. If using OCSP without
hard faults enforced and no alternate revocation checks like OCSP stapling
then it is recommended to update.

Low level fix for potential cache attack on RSA operations. If using
wolfSSL RSA on a server that other users can have access to monitor the
cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl,
Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.

I will wait with packaging until the release is signed, which may be after
the weekend. Meanwhile, you are welcome to file reports for the other
vulnerabilities. Did MITRE have them too? Thank you!

Best regards,
Felix

[0] https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable


On Sat, Feb 25, 2017 at 2:27 AM, Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Source: wolfssl
> Version: 3.9.10+dfsg-1
> Severity: grave
> Tags: upstream security patch fixed-upstream
>
> Hi,
>
> the following vulnerability was published for wolfssl.
>
> CVE-2017-6076[0]:
> | In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes
> | it easier to extract RSA key information for a malicious user who has
> | access to view cache on a machine.
>
> From the release notes:
>
> Low level fix for potential cache attack on RSA operations. If using
> wolfSSL RSA on a server that other users can have access to monitor
> the cache, then it is recommended to update wolfSSL. Thanks to Andreas
> Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the
> initial report.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-6076
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6076
> [1] https://github.com/wolfSSL/wolfssl/commit/
> 345df93978c41da1ac8047a37f1fed5286883d8d
> [2] https://github.com/wolfSSL/wolfssl/pull/674
>
> Regards,
> Salvatore
>

[Message part 2 (text/html, inline)]

Message #15 received at 856114@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Felix Lechner <felix.lechner@lease-up.com>

Cc: 856114@bugs.debian.org

Subject: Re: Bug#856114: wolfssl: CVE-2017-6076

Date: Mon, 27 Feb 2017 14:14:04 +0100

Hi Felix,

Sorry for the late reply!

On Sat, Feb 25, 2017 at 08:10:22AM -0800, Felix Lechner wrote:
> Hi Salvatore,
> 
> Thank you for your email. I would like to package the new version but
> 3.10.2 was not signed on GitHub. (Upstream recently added those signatures
> for us.) The more recent release actually fixes two additional
> vulnerabilities, with one being more serious. Details are in [0] and
> replicated in part here:

To have the fixes in stretch, at this point of the release I suspect
we will need to have them cherry-picked. Otherwise I think the release
team will not ack it to unblock. 

> 
> This release of wolfSSL fixes 2 low and 1 medium level security
> vulnerability.
> 
> Low level fix of buffer overflow for when loading in a malformed temporary
> DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung
> Research America for the report.
> 
> Medium level fix for processing of OCSP response. If using OCSP without
> hard faults enforced and no alternate revocation checks like OCSP stapling
> then it is recommended to update.
> 
> Low level fix for potential cache attack on RSA operations. If using
> wolfSSL RSA on a server that other users can have access to monitor the
> cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl,
> Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
> 
> I will wait with packaging until the release is signed, which may be after
> the weekend. Meanwhile, you are welcome to file reports for the other
> vulnerabilities. Did MITRE have them too? Thank you!

Alright, thanks for the information. I will check later today if I
find if CVEs were already assigned. Will come back to you if I have
some questions!

Regards and thanks for your work!

Salvatore

Message #20 received at 856114@bugs.debian.org (full text, mbox, reply):

From: Felix Lechner <felix.lechner@lease-up.com>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 856114@bugs.debian.org, Clint Byrum <spamaps@debian.org>

Subject: Re: Bug#856114: wolfssl: CVE-2017-6076

Date: Mon, 27 Feb 2017 17:42:33 -0800

[Message part 1 (text/plain, inline)]

Hi Salvatore,

A version fixing the vulnerability is available on Mentors
<https://mentors.debian.net/package/wolfssl>. Please feel free to upload it.

With a new soname version, this upload will go through NEW. Also I am not
sure the library will make it into stretch. Currently, no packages depend
on it.

In the past, I cooperated with Clint Byrum as a sponsor and copied him on
this message. Perhaps he would prefer to upload? Thank you!

Best regards,
Felix


On Mon, Feb 27, 2017 at 5:14 AM, Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Hi Felix,
>
> Sorry for the late reply!
>
> On Sat, Feb 25, 2017 at 08:10:22AM -0800, Felix Lechner wrote:
> > Hi Salvatore,
> >
> > Thank you for your email. I would like to package the new version but
> > 3.10.2 was not signed on GitHub. (Upstream recently added those
> signatures
> > for us.) The more recent release actually fixes two additional
> > vulnerabilities, with one being more serious. Details are in [0] and
> > replicated in part here:
>
> To have the fixes in stretch, at this point of the release I suspect
> we will need to have them cherry-picked. Otherwise I think the release
> team will not ack it to unblock.
>
> >
> > This release of wolfSSL fixes 2 low and 1 medium level security
> > vulnerability.
> >
> > Low level fix of buffer overflow for when loading in a malformed
> temporary
> > DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung
> > Research America for the report.
> >
> > Medium level fix for processing of OCSP response. If using OCSP without
> > hard faults enforced and no alternate revocation checks like OCSP
> stapling
> > then it is recommended to update.
> >
> > Low level fix for potential cache attack on RSA operations. If using
> > wolfSSL RSA on a server that other users can have access to monitor the
> > cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl,
> > Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report.
> >
> > I will wait with packaging until the release is signed, which may be
> after
> > the weekend. Meanwhile, you are welcome to file reports for the other
> > vulnerabilities. Did MITRE have them too? Thank you!
>
> Alright, thanks for the information. I will check later today if I
> find if CVEs were already assigned. Will come back to you if I have
> some questions!
>
> Regards and thanks for your work!
>
> Salvatore
>

[Message part 2 (text/html, inline)]

Message #25 received at 856114@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Felix Lechner <felix.lechner@lease-up.com>

Cc: 856114@bugs.debian.org, Clint Byrum <spamaps@debian.org>

Subject: Re: Bug#856114: wolfssl: CVE-2017-6076

Date: Fri, 3 Mar 2017 21:30:02 +0100

Hi,

On Mon, Feb 27, 2017 at 05:42:33PM -0800, Felix Lechner wrote:
> Hi Salvatore,
> 
> A version fixing the vulnerability is available on Mentors
> <https://mentors.debian.net/package/wolfssl>. Please feel free to upload it.
> 
> With a new soname version, this upload will go through NEW. Also I am not
> sure the library will make it into stretch. Currently, no packages depend
> on it.
> 
> In the past, I cooperated with Clint Byrum as a sponsor and copied him on
> this message. Perhaps he would prefer to upload? Thank you!

Clint, can you please take care of the sponsoring? I'm quite
overwhelmed with other tasks, and it is not possible for me helping
reviewing+sponsoring new upstream version packages ATM for me.

@Felix, have the other part still pending on my todo list.

Regards,
Salvatore

Message #30 received at 856114@bugs.debian.org (full text, mbox, reply):

From: Clint Byrum <spamaps@debian.org>

To: Felix Lechner <felix.lechner@lease-up.com>, 856114 <856114@bugs.debian.org>

Subject: Re: Bug#856114: wolfssl: CVE-2017-6076

Date: Fri, 03 Mar 2017 15:02:02 -0800

I'm conferencing today and then vacationing Monday, but I should be able
to get to it Tuesday.

Excerpts from Salvatore Bonaccorso's message of 2017-03-03 21:30:02 +0100:
> Hi,
> 
> On Mon, Feb 27, 2017 at 05:42:33PM -0800, Felix Lechner wrote:
> > Hi Salvatore,
> > 
> > A version fixing the vulnerability is available on Mentors
> > <https://mentors.debian.net/package/wolfssl>. Please feel free to upload it.
> > 
> > With a new soname version, this upload will go through NEW. Also I am not
> > sure the library will make it into stretch. Currently, no packages depend
> > on it.
> > 
> > In the past, I cooperated with Clint Byrum as a sponsor and copied him on
> > this message. Perhaps he would prefer to upload? Thank you!
> 
> Clint, can you please take care of the sponsoring? I'm quite
> overwhelmed with other tasks, and it is not possible for me helping
> reviewing+sponsoring new upstream version packages ATM for me.
> 
> @Felix, have the other part still pending on my todo list.
> 
> Regards,
> Salvatore

Message #35 received at 856114-close@bugs.debian.org (full text, mbox, reply):

From: Felix Lechner <felix.lechner@lease-up.com>

To: 856114-close@bugs.debian.org

Subject: Bug#856114: fixed in wolfssl 3.10.2+dfsg-1

Date: Mon, 10 Apr 2017 18:00:17 +0000

Source: wolfssl
Source-Version: 3.10.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Lechner <felix.lechner@lease-up.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Apr 2017 14:09:21 -0700
Source: wolfssl
Binary: libwolfssl10 libwolfssl-dev
Architecture: source armhf
Version: 3.10.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lechner@lease-up.com>
Changed-By: Felix Lechner <felix.lechner@lease-up.com>
Description:
 libwolfssl-dev - Development files for the wolfSSL encryption library
 libwolfssl10 - wolfSSL encryption library
Closes: 856114
Changes:
 wolfssl (3.10.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
   * New major version is 10
   * New maintainer email address
   * Fixes a low level vulnerability for buffer overflow when loading a
     malformed temporary DH file
   * Fixes a medium level vulnerability for processing of OCSP response
   * Fixes CVE-2017-6076, a low level vulnerability for a potential
     cache attack on RSA operations (Closes: #856114)
   * Enabled SHA-224 for all architectures, as advised by upstream
Checksums-Sha1:
 c09e10bb6f4e66abe53a74083405627617cd763b 1554 wolfssl_3.10.2+dfsg-1.dsc
 cf39a667b6a51e38ef2d58952845b30075df44df 1530895 wolfssl_3.10.2+dfsg.orig.tar.gz
 6b7623c80b0754f80016431bfecb0580a70de825 14228 wolfssl_3.10.2+dfsg-1.debian.tar.xz
 6226201fb1e79dcdd173208c6742fd1fb29a5a58 460160 libwolfssl-dev_3.10.2+dfsg-1_armhf.deb
 e77d1857a1d6690805c53b658399ed21facd9a8d 840076 libwolfssl10-dbgsym_3.10.2+dfsg-1_armhf.deb
 75b653c655a95e10b3d062cac5f4a5172c82e873 300220 libwolfssl10_3.10.2+dfsg-1_armhf.deb
 88e7a762bbb492c5ffaeac0988bd90f200040357 5673 wolfssl_3.10.2+dfsg-1_armhf.buildinfo
Checksums-Sha256:
 c5e33e1ec8522fe2bcd7d49dd425b00babc6119e13dc9955eee8c0e230c517ae 1554 wolfssl_3.10.2+dfsg-1.dsc
 d150ebd18b62e79be7dae0b4215272d853680f2adbfb51a192021a9be384f00b 1530895 wolfssl_3.10.2+dfsg.orig.tar.gz
 370c6a10d7adffece007630a85d30a81081371190fd00ed9cf6501cae2e9d33f 14228 wolfssl_3.10.2+dfsg-1.debian.tar.xz
 e65f44c48e43d7604460afd627492cf0f8c7d130016297912edacf2fce4a3ec0 460160 libwolfssl-dev_3.10.2+dfsg-1_armhf.deb
 48dca226f236bd4930a0db95a97a87446704cd885fd83fc344b5ff9daa378d49 840076 libwolfssl10-dbgsym_3.10.2+dfsg-1_armhf.deb
 78420297f544ee62b637ff448add12dd26bfa409a1a44a52dde38736833ffdf3 300220 libwolfssl10_3.10.2+dfsg-1_armhf.deb
 5f48edb5a93f4a47763b712eb6ec6608dbfa150f8bb1771dac3dfbd4365ff349 5673 wolfssl_3.10.2+dfsg-1_armhf.buildinfo
Files:
 07e174bf2bd0c4fb09629dc5ca36712d 1554 libs optional wolfssl_3.10.2+dfsg-1.dsc
 b8dbc5543dfc0c392388a1f631a7ce7f 1530895 libs optional wolfssl_3.10.2+dfsg.orig.tar.gz
 5b476b4857b948f50ca9fbed21c100c6 14228 libs optional wolfssl_3.10.2+dfsg-1.debian.tar.xz
 2777906e7bc1ae5fec7b791d3d6fd135 460160 libdevel optional libwolfssl-dev_3.10.2+dfsg-1_armhf.deb
 42ad674f525cc210903e7cbd0ae64bba 840076 debug extra libwolfssl10-dbgsym_3.10.2+dfsg-1_armhf.deb
 ea481a07888cb2ed2ba596790a59a0a0 300220 libs optional libwolfssl10_3.10.2+dfsg-1_armhf.deb
 be629ad2fc474895cfbdaf9b33f22224 5673 libs optional wolfssl_3.10.2+dfsg-1_armhf.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE/Zzi2Nd1S3irJ5u9LDtDb+rGgQEFAljpcHsACgkQLDtDb+rG
gQEsGAf9Hfc0GznEdtkf9GM0PsSAJZnxKYB3Kv/d7t/HX8beVa5g97rkgsI0/ObJ
p2c2kPLLSZbwOHRchOkpWOiZIaFA8BxI+PqCDVO/e4O9W/L7aYo3e5NJzGOUgoKe
PiyujbsRib7e1qPylQ0QavKEhrtiqq9UuaG9cgy8ygbIdDrGPvCs4QIY1NHCunht
3TLfzMiAUlzYlcg9TfSWsMEN93NlNDgHQnP4luzKiK6BfwkktSSVBu8+RDfhOfO1
9iz9uQtg35cW76sxaDi1i0ZISggye8zExalcwrWu31bcecDcxyir1qm3GPAVdqov
SmG/AdzRAenfyiG95CYIphN04HwQEA==
=nmcb
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.