openssl: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source

Related Vulnerabilities: CVE-2018-0737  

Debian Bug report logs - #895844

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 16 Apr 2018 18:54:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version openssl/1.1.0f-3

Fixed in versions openssl/1.1.0h-3, openssl/1.1.1~~pre7-1

Done: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#895844; Package src:openssl. (Mon, 16 Apr 2018 18:54:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Mon, 16 Apr 2018 18:54:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssl: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source
Date: Mon, 16 Apr 2018 20:51:26 +0200
Source: openssl
Version: 1.1.0f-3
Severity: important
Tags: patch security upstream
Control: clone -1 -2
Control: reassign -2 openssl1.0 1.0.2l-2
Control: retitle -2 openssl1.0: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source

Hi,

The following vulnerability was published for openssl.

CVE-2018-0737[0]:
| The OpenSSL RSA Key generation algorithm has been shown to be
| vulnerable to a cache timing side channel attack. An attacker with
| sufficient access to mount cache timing attacks during the RSA key
| generation process could recover the private key. Fixed in OpenSSL
| 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
| (Affected 1.0.2b-1.0.2o).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-0737
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
[1] https://www.openssl.org/news/secadv/20180416.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Bug 895844 cloned as bug 895845 Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Mon, 16 Apr 2018 18:54:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#895844; Package src:openssl. (Mon, 16 Apr 2018 19:09:06 GMT)


Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Mon, 16 Apr 2018 19:09:06 GMT)


Message #12 received at 895844@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Salvatore Bonaccorso <carnil@debian.org>, 895844@bugs.debian.org
Subject: Re: Bug#895844: openssl: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source
Date: Mon, 16 Apr 2018 21:07:59 +0200

On 2018-04-16 20:51:26 [+0200], Salvatore Bonaccorso wrote:
> Severity: important
…
> CVE-2018-0737[0]:
> | The OpenSSL RSA Key generation algorithm has been shown to be
> | vulnerable to a cache timing side channel attack. An attacker with
> | sufficient access to mount cache timing attacks during the RSA key
> | generation process could recover the private key. Fixed in OpenSSL
> | 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
> | (Affected 1.0.2b-1.0.2o).
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

do you want me to go ahead and prepare an upload? Upstream said that
they won't prepare a new release because it is classified with severity
low (yet it is filed here as important).
 
> Regards,
> Salvatore

Sebastian



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#895844; Package src:openssl. (Mon, 16 Apr 2018 19:27:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Mon, 16 Apr 2018 19:27:06 GMT)


Message #17 received at 895844@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 895844@bugs.debian.org
Subject: Re: Bug#895844: openssl: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source
Date: Mon, 16 Apr 2018 21:24:21 +0200

Hi Sebastian,

Impressive response time :)

On Mon, Apr 16, 2018 at 09:07:59PM +0200, Sebastian Andrzej Siewior wrote:
> On 2018-04-16 20:51:26 [+0200], Salvatore Bonaccorso wrote:
> > Severity: important
> …
> > CVE-2018-0737[0]:
> > | The OpenSSL RSA Key generation algorithm has been shown to be
> > | vulnerable to a cache timing side channel attack. An attacker with
> > | sufficient access to mount cache timing attacks during the RSA key
> > | generation process could recover the private key. Fixed in OpenSSL
> > | 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
> > | (Affected 1.0.2b-1.0.2o).
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> do you want me to go ahead and prepare an upload? Upstream said that
> they won't prepare a new release because it is classified with severity
> low (yet it is filed here as important).

I do not think they warrant a DSA, I have actually marked those
already as no-dsa/postponed, and a fix can be included in the next
update needed.

Regards,
Salvatore



Reply sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
You have taken responsibility. (Fri, 18 May 2018 11:42:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 18 May 2018 11:42:04 GMT)


Message #22 received at 895844-close@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: 895844-close@bugs.debian.org
Subject: Bug#895844: fixed in openssl 1.1.0h-3
Date: Fri, 18 May 2018 11:38:02 +0000
Source: openssl
Source-Version: 1.1.0h-3

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 17 May 2018 23:35:43 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0h-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 895844
Changes:
 openssl (1.1.0h-3) unstable; urgency=medium
 .
   * Drop afalgeng on kfreebsd-* which got enabled because they inherit from
     the linux target.
   * Fix regression with session cache use by clients (See: #895035).
   * openssl rehash: exit 0 on warnings, same as c_rehash (See: #895473 and
     #895482).
   * Fix debian-rules-sets-dpkg-architecture-variable.
   * Let VCS-* point to salsa.d.o.
   * Don't build the binary package in binary-indep mode.
   * Update to policy 4.1.4
     - only Suggest: libssl-doc instead of Recommends (only documentation and
       example code is shipped).
     - drop Priority: important.
     - use signing-key.asc and https links for downloads
   * Use compat 11.
     - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
       seems to make sense.
   * Fix CVE-2018-0737 (Closes: #895844).




Reply sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
You have taken responsibility. (Wed, 30 May 2018 18:39:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 30 May 2018 18:39:04 GMT)


Message #27 received at 895844-close@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: 895844-close@bugs.debian.org
Subject: Bug#895844: fixed in openssl 1.1.1~~pre7-1
Date: Wed, 30 May 2018 18:35:41 +0000
Source: openssl
Source-Version: 1.1.1~~pre7-1

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895844@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 30 May 2018 19:49:26 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre7-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 895844
Changes:
 openssl (1.1.1~~pre7-1) experimental; urgency=medium
 .
   * Drop afalgeng on kfreebsd-* which got enabled because they inherit from
     the linux target.
   * Fix debian-rules-sets-dpkg-architecture-variable.
   * Update to policy 4.1.4
     - only Suggest: libssl-doc instead of Recommends (only documentation and
       example code is shipped).
     - drop Priority: important.
     - use signing-key.asc and https links for downloads
   * Use compat 11.
     - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
       seems to make sense.
   * Add a 25-test_verify.t for autopkgtest which runs against installed
     openssl binary.
   * Fix CVE-2018-0737 (Closes: #895844).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 28 Jun 2018 07:28:00 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:56:25 2019; Machine Name: buxtehude
