openssl: CVE-2013-6449: crash when using TLS 1.2

Debian Bug report logs - #732754
openssl: CVE-2013-6449: crash when using TLS 1.2

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sat, 21 Dec 2013 08:16:42 +0100

Package: openssl
Version: 1.0.1e-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for openssl.

CVE-2013-6449[0]:
crash when using TLS 1.2

It was reported in Apache Traffic Server[1] and upstream at [2], see
also [3]. I was not able to reproduce any crash myself, just checking
against the openssl source package to verify upstrem patches apply.
See [4] and [5] for the patches applied.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
    http://security-tracker.debian.org/tracker/CVE-2013-6449
[1] https://issues.apache.org/jira/browse/TS-2355
[2] http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1045363
[4] http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
[5] http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b

Regards,
Salvatore

Message #10 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>, 732754@bugs.debian.org

Cc: team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sat, 21 Dec 2013 09:35:38 +0100

On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote:
> Package: openssl
> Version: 1.0.1e-2
> Severity: grave
> Tags: security upstream patch
> 
> Hi,
> 
> the following vulnerability was published for openssl.
> 
> CVE-2013-6449[0]:
> crash when using TLS 1.2
> 
> It was reported in Apache Traffic Server[1] and upstream at [2], see
> also [3]. I was not able to reproduce any crash myself, just checking
> against the openssl source package to verify upstrem patches apply.
> See [4] and [5] for the patches applied.

I was expecting this, and planning an upload for it already.  I'll
prepare an upload later today.

I have a bunch of other patches that I'd like to see reach stable,
but I'm not sure how many of those you like in a DSA.


Kurt

Message #15 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sat, 21 Dec 2013 21:24:38 +0100

[Message part 1 (text/plain, inline)]

Hi Kurt,

On Sat, Dec 21, 2013 at 09:35:38AM +0100, Kurt Roeckx wrote:
> On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote:
> > Package: openssl
> > Version: 1.0.1e-2
> > Severity: grave
> > Tags: security upstream patch
> > 
> > Hi,
> > 
> > the following vulnerability was published for openssl.
> > 
> > CVE-2013-6449[0]:
> > crash when using TLS 1.2
> > 
> > It was reported in Apache Traffic Server[1] and upstream at [2], see
> > also [3]. I was not able to reproduce any crash myself, just checking
> > against the openssl source package to verify upstrem patches apply.
> > See [4] and [5] for the patches applied.
> 
> I was expecting this, and planning an upload for it already.  I'll
> prepare an upload later today.

Thanks!

> I have a bunch of other patches that I'd like to see reach stable,
> but I'm not sure how many of those you like in a DSA.

Okay. Could you sent what you are thinking off, to the security team
alias, so that somebody the team can comment/have a look/...? Is this
about #720426? (If so an 'ack' from the Release Team would be needed
also to have them included).

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sun, 22 Dec 2013 00:25:16 +0100

On Sat, Dec 21, 2013 at 09:24:38PM +0100, Salvatore Bonaccorso wrote:
> Hi Kurt,
> 
> On Sat, Dec 21, 2013 at 09:35:38AM +0100, Kurt Roeckx wrote:
> > On Sat, Dec 21, 2013 at 08:16:42AM +0100, Salvatore Bonaccorso wrote:
> > > Package: openssl
> > > Version: 1.0.1e-2
> > > Severity: grave
> > > Tags: security upstream patch
> > > 
> > > Hi,
> > > 
> > > the following vulnerability was published for openssl.
> > > 
> > > CVE-2013-6449[0]:
> > > crash when using TLS 1.2
> > > 
> > > It was reported in Apache Traffic Server[1] and upstream at [2], see
> > > also [3]. I was not able to reproduce any crash myself, just checking
> > > against the openssl source package to verify upstrem patches apply.
> > > See [4] and [5] for the patches applied.
> > 
> > I was expecting this, and planning an upload for it already.  I'll
> > prepare an upload later today.
> 
> Thanks!
> 
> > I have a bunch of other patches that I'd like to see reach stable,
> > but I'm not sure how many of those you like in a DSA.
> 
> Okay. Could you sent what you are thinking off, to the security team
> alias, so that somebody the team can comment/have a look/...? Is this
> about #720426? (If so an 'ack' from the Release Team would be needed
> also to have them included).

I'd like to see those reach stable too, and I'm really tired on
waiting for them.

But I'm also thinking about at least #732710

There are also things like:
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Mon Sep 16 05:23:44 2013 +0100

    Disable Dual EC DRBG.

    Return an error if an attempt is made to enable the Dual EC DRBG: it
    is not used by default.

And there is a whole bunch of other things I want to get fixed but
which are less important.


Kurt

Message #25 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: team@security.debian.org, 732754@bugs.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sun, 22 Dec 2013 19:14:00 +0100

On Sun, Dec 22, 2013 at 12:25:16AM +0100, Kurt Roeckx wrote:
> But I'm also thinking about at least #732710
> 
> There are also things like:
> Author: Dr. Stephen Henson <steve@openssl.org>
> Date:   Mon Sep 16 05:23:44 2013 +0100
> 
>     Disable Dual EC DRBG.
> 
>     Return an error if an attempt is made to enable the Dual EC DRBG: it
>     is not used by default.
> 
> And there is a whole bunch of other things I want to get fixed but
> which are less important.

And then this just appeared in git too:
commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Fri Dec 20 15:26:50 2013 +0000

    Fix DTLS retransmission from previous session.

    For DTLS we might need to retransmit messages from the previous session
    so keep a copy of write context in DTLS retransmission buffers instead
    of replacing it after sending CCS. CVE-2013-6450.

Kurt

Message #30 received at 732754-close@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: 732754-close@bugs.debian.org

Subject: Bug#732754: fixed in openssl 1.0.1e-5

Date: Sun, 22 Dec 2013 19:49:00 +0000

Source: openssl
Source-Version: 1.0.1e-5

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 732754@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Dec 2013 19:25:35 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1e-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 694738 728055 732348 732710 732754
Changes: 
 openssl (1.0.1e-5) unstable; urgency=low
 .
   * Change default digest to SHA256 instead of SHA1.  (Closes: #694738)
   * Drop support for multiple certificates in 1 file.  It never worked
     properly in the first place, and the only one shipping in
     ca-certificates has been split.
   * Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
   * Remove make-targets.patch.  It prevented the test dir from being cleaned.
   * Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
     - Fixes CVE-2013-6449 (Closes: #732754)
     - Fixes CVE-2013-6450
     - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
       dtls_version.patch get_certificate.patch, since they where all
       already commited upstream.
     - adjust fix-pod-errors.patch for the reordering of items in the
       documentation they've done trying to fix those pod errors.
     - disable rdrand engine by default (Closes: #732710)
   * disable zlib support.  Fixes CVE-2012-4929 (Closes: #728055)
   * Add arm64 support (Closes: #732348)
   * Properly use the default number of bits in req when none are given
Checksums-Sha1: 
 1015bdeffc5f854fb184d573f94833a7eb4be187 2197 openssl_1.0.1e-5.dsc
 94694a8c6f571524b4340a5a187027fbe569bc0d 196978 openssl_1.0.1e-5.debian.tar.gz
 17bf4ad750294ef277103f25a9eccd9801e51721 1132258 libssl-doc_1.0.1e-5_all.deb
 c4b4b82514fa989834ddfd26693c3a360845a672 662002 openssl_1.0.1e-5_amd64.deb
 90ddd72866f6f410daebf1997471ec9a05a9331c 1003238 libssl1.0.0_1.0.1e-5_amd64.deb
 f33bfe2ec9891ac3a9a1d24ca1dd490bb803bd47 623904 libcrypto1.0.0-udeb_1.0.1e-5_amd64.udeb
 48aaa3fc63dfd07d6c55809d728116234ebc6452 1241958 libssl-dev_1.0.1e-5_amd64.deb
 bf57262021d4da0da70f5f6de491e31190da0c58 2826986 libssl1.0.0-dbg_1.0.1e-5_amd64.deb
Checksums-Sha256: 
 b7bedc00efe2870722adf58e9c1461cf6dbd73e74c9f74c34ac40a515817d137 2197 openssl_1.0.1e-5.dsc
 e2fa44b2ba4418840b3ce2fd144cd7a0fce29ce25d90551e492ef19c7c368ea1 196978 openssl_1.0.1e-5.debian.tar.gz
 e54f7e533bc33d51f3ee2b773bf4357558f9c74df4ba5ede62b08974c4e4b268 1132258 libssl-doc_1.0.1e-5_all.deb
 8923c9df7ab5c2bb8444c4a4e4288571d618fb929a5446d63cb1439038b56eeb 662002 openssl_1.0.1e-5_amd64.deb
 25d769b9235b290bedd5f020e87dc78ccaa67adda4997cddcdc1cb09f6d7f764 1003238 libssl1.0.0_1.0.1e-5_amd64.deb
 3bf27252bc51cdcf30f45ac690b39b9e5fff1bbc11ca37b544b7d194caf6f953 623904 libcrypto1.0.0-udeb_1.0.1e-5_amd64.udeb
 433ddb83f39322aefbbcb6cc36e217f19e2415510046aa274d0396561b5cd5ce 1241958 libssl-dev_1.0.1e-5_amd64.deb
 c103856c6ea28429eeb365575394ff5983449b697028569a16829b4f3eafd732 2826986 libssl1.0.0-dbg_1.0.1e-5_amd64.deb
Files: 
 c73ef6bf0bbf7499c0fcd5e2783341ab 2197 utils optional openssl_1.0.1e-5.dsc
 1cea0119b9ed9ed76a7e8538f9ae4545 196978 utils optional openssl_1.0.1e-5.debian.tar.gz
 aec19eec4eec9adf861df8c36dc52079 1132258 doc optional libssl-doc_1.0.1e-5_all.deb
 9e9ea1c07dfa9480a0e89b0c7df4488b 662002 utils optional openssl_1.0.1e-5_amd64.deb
 7549079d3517842ddc4a588d04cc92af 1003238 libs important libssl1.0.0_1.0.1e-5_amd64.deb
 1f28be32a4c76f0c835b693cf9126726 623904 debian-installer optional libcrypto1.0.0-udeb_1.0.1e-5_amd64.udeb
 d569fe1cb27ec9d8c4b5450672b6dc9a 1241958 libdevel optional libssl-dev_1.0.1e-5_amd64.deb
 66871173845c2ce096c8141bb684275e 2826986 debug extra libssl1.0.0-dbg_1.0.1e-5_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSt0EPAAoJEKGfLDAaVSLd/TwP/0LxJgPvFkEkSFnlRaAJv7ru
kva/26a32XNEr61Q655rWaVrqmBggyk8Tpa4Rc1I4Kfk3UMtexrUKtzlhtuf+V9f
nTf98daKR7lo+JfKqcSpNdmULwstK10GItZ/EHXMVAcHpaFZaqvjlCGuSQrfL0pw
+eDLePfrvj+/T4TFp8CLYU+MgqNS1dYNXn38zEwSw5EfjIzycf61i6ETJgfKFb8S
EhDU9exgimShP0o7B95pPYPjuxNH3lxj69J3e5GGQ4gJQENDUYTx7j3BZrw105Co
WNahqgkZXWRv965gdk8DLmwIht0OHjVkrfViXdbeSXygbJ9dBOqLBaivnNKW6jzF
+K4EE0/SwS+MHXmuw7IF0FgDBcZ/xP8IDrDE1nPT6ylX8aoDSkP1ajx62rZAxeRq
o8V4/Mug5QLsPkGUrJ3uEEEYPzt2gL/PV9IT+ITXuZqMbXUAAVTUmgQylx9b+EBb
HMeewrFSwl3XVuQr1c1oqF2lvhSlEOdplsUsvc5YAOwcASfV7QWtUyY0RgsvtGEl
2kTy0Etriuy/zFVw0x+ci/49Nl9d/JifsVawMfbqKcOLNJCoQn2NU82fQ9+yX5U7
jBZbssJZcgW2tQU94m0vf+XJe05p4kxCChC2VkHVUpl0qlQJT7zgk8eslxtK5jy/
0MpQBQSZKBcpEVej+wv3
=yv/Q
-----END PGP SIGNATURE-----

Message #35 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sun, 22 Dec 2013 23:51:09 +0100

On Sun, Dec 22, 2013 at 07:14:00PM +0100, Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 12:25:16AM +0100, Kurt Roeckx wrote:
> > But I'm also thinking about at least #732710
> > 
> > There are also things like:
> > Author: Dr. Stephen Henson <steve@openssl.org>
> > Date:   Mon Sep 16 05:23:44 2013 +0100
> > 
> >     Disable Dual EC DRBG.
> > 
> >     Return an error if an attempt is made to enable the Dual EC DRBG: it
> >     is not used by default.
> > 
> > And there is a whole bunch of other things I want to get fixed but
> > which are less important.
> 
> And then this just appeared in git too:
> commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> Author: Dr. Stephen Henson <steve@openssl.org>
> Date:   Fri Dec 20 15:26:50 2013 +0000
> 
>     Fix DTLS retransmission from previous session.
> 
>     For DTLS we might need to retransmit messages from the previous session
>     so keep a copy of write context in DTLS retransmission buffers instead
>     of replacing it after sending CCS. CVE-2013-6450.

So after looking at things, I have about 25 patches I'd like to
move to testing.

For security I would like to have the following:
- CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
  ca989269a2876bae79393bd54c3e72d49975fc75
- CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
- disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
- Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d


Kurt

Message #40 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: team@security.debian.org, 732754@bugs.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 23 Dec 2013 18:44:23 +0100

On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> 
> For security I would like to have the following:
> - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
>   ca989269a2876bae79393bd54c3e72d49975fc75
> - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d

So I've put that at:
http://people.debian.org/~kroeckx/openssl/



Kurt

Message #45 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: team@security.debian.org, 732754@bugs.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Sun, 29 Dec 2013 08:52:19 +0100

On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > 
> > For security I would like to have the following:
> > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> >   ca989269a2876bae79393bd54c3e72d49975fc75
> > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> 
> So I've put that at:
> http://people.debian.org/~kroeckx/openssl/

Looks good to me. Please upload to security-master.

Cheers,
        Moritz

Message #50 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 18:24:14 +0100

On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > 
> > For security I would like to have the following:
> > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> >   ca989269a2876bae79393bd54c3e72d49975fc75
> > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> 
> So I've put that at:
> http://people.debian.org/~kroeckx/openssl/

So the patch for CVE-2013-6450 was missing a commit.  See:
http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest

I'll upload a 1.0.1e-2+deb7u2 soon.


Kurt

Message #55 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: team@security.debian.org, 732754@bugs.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 18:54:33 +0100

On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote:
> On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > > 
> > > For security I would like to have the following:
> > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> > >   ca989269a2876bae79393bd54c3e72d49975fc75
> > > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> > 
> > So I've put that at:
> > http://people.debian.org/~kroeckx/openssl/
> 
> So the patch for CVE-2013-6450 was missing a commit.  See:
> http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest
> 
> I'll upload a 1.0.1e-2+deb7u2 soon.

I've uploaded it.  The changelog for it:
   * The patch we applied for CVE-2013-6450 was causing segfaults,
     also apply the previous commit checking for NULL in
     EVP_MD_CTX_destroy()
   * Fix for TLS record tampering bug CVE-2013-4353

Message #60 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 19:20:25 +0100

On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote:
> On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote:
> > On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> > > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > > > 
> > > > For security I would like to have the following:
> > > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> > > >   ca989269a2876bae79393bd54c3e72d49975fc75
> > > > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > > > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > > > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> > > 
> > > So I've put that at:
> > > http://people.debian.org/~kroeckx/openssl/
> > 
> > So the patch for CVE-2013-6450 was missing a commit.  See:
> > http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest
> > 
> > I'll upload a 1.0.1e-2+deb7u2 soon.
> 
> I've uploaded it.  The changelog for it:
>    * The patch we applied for CVE-2013-6450 was causing segfaults,
>      also apply the previous commit checking for NULL in
>      EVP_MD_CTX_destroy()
>    * Fix for TLS record tampering bug CVE-2013-4353

So after uploading this, I got this as reply:
> Although there is no CVE connected to it it is also advisable to
> include f3dcc8411e518fb0835c7d72df4a58718205260d as well.

Should I make an other upload (with different version) for that?


Kurt

The patch would be:
commit f3dcc8411e518fb0835c7d72df4a58718205260d
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Tue Dec 24 18:17:00 2013 +0000

    Don't change version number if session established

    When sending an invalid version number alert don't change the
    version number to the client version if a session is already
    established.

    Thanks to Marek Majkowski for additional analysis of this issue.

    PR#3191

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index c4bc4e7..96ba632 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
                        if (version != s->version)
                                {
                                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
                                        /* Send back error using their minor version number :-) */
                                        s->version = (unsigned short)version;
                                al=SSL_AD_PROTOCOL_VERSION;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e5a8b3f..52efed3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
            (s->version != DTLS1_VERSION && s->client_version < s->version))
                {
                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-               if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+               if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
+                       !s->enc_write_ctx && !s->write_hash)
                        {
                        /* similar to ssl3_get_record, send alert using remote version number */
                        s->version = s->client_version;

Message #65 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: Salvatore Bonaccorso <carnil@debian.org>, 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 19:35:40 +0100

On Mon, Jan 06, 2014 at 07:20:25PM +0100, Kurt Roeckx wrote:
> On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote:
> > On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote:
> > > On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> > > > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > > > > 
> > > > > For security I would like to have the following:
> > > > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> > > > >   ca989269a2876bae79393bd54c3e72d49975fc75
> > > > > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > > > > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > > > > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> > > > 
> > > > So I've put that at:
> > > > http://people.debian.org/~kroeckx/openssl/
> > > 
> > > So the patch for CVE-2013-6450 was missing a commit.  See:
> > > http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest
> > > 
> > > I'll upload a 1.0.1e-2+deb7u2 soon.
> > 
> > I've uploaded it.  The changelog for it:
> >    * The patch we applied for CVE-2013-6450 was causing segfaults,
> >      also apply the previous commit checking for NULL in
> >      EVP_MD_CTX_destroy()
> >    * Fix for TLS record tampering bug CVE-2013-4353
> 
> So after uploading this, I got this as reply:
> > Although there is no CVE connected to it it is also advisable to
> > include f3dcc8411e518fb0835c7d72df4a58718205260d as well.
> 
> Should I make an other upload (with different version) for that?

Yes, please include it.

Cheers,
        Moritz

Message #70 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: Salvatore Bonaccorso <carnil@debian.org>, 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 19:41:05 +0100

On Mon, Jan 06, 2014 at 07:35:40PM +0100, Moritz Mühlenhoff wrote:
> On Mon, Jan 06, 2014 at 07:20:25PM +0100, Kurt Roeckx wrote:
> > On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote:
> > > On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote:
> > > > On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> > > > > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > > > > > 
> > > > > > For security I would like to have the following:
> > > > > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> > > > > >   ca989269a2876bae79393bd54c3e72d49975fc75
> > > > > > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > > > > > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > > > > > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> > > > > 
> > > > > So I've put that at:
> > > > > http://people.debian.org/~kroeckx/openssl/
> > > > 
> > > > So the patch for CVE-2013-6450 was missing a commit.  See:
> > > > http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest
> > > > 
> > > > I'll upload a 1.0.1e-2+deb7u2 soon.
> > > 
> > > I've uploaded it.  The changelog for it:
> > >    * The patch we applied for CVE-2013-6450 was causing segfaults,
> > >      also apply the previous commit checking for NULL in
> > >      EVP_MD_CTX_destroy()
> > >    * Fix for TLS record tampering bug CVE-2013-4353
> > 
> > So after uploading this, I got this as reply:
> > > Although there is no CVE connected to it it is also advisable to
> > > include f3dcc8411e518fb0835c7d72df4a58718205260d as well.
> > 
> > Should I make an other upload (with different version) for that?
> 
> Yes, please include it.

So should I reuse the version number, or change it?


Kurt

Message #75 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Kurt Roeckx <kurt@roeckx.be>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 19:53:41 +0100

On Mon, Jan 06, 2014 at 07:41:05PM +0100, Kurt Roeckx wrote:
> On Mon, Jan 06, 2014 at 07:35:40PM +0100, Moritz Mühlenhoff wrote:
> > On Mon, Jan 06, 2014 at 07:20:25PM +0100, Kurt Roeckx wrote:
> > > On Mon, Jan 06, 2014 at 06:54:33PM +0100, Kurt Roeckx wrote:
> > > > On Mon, Jan 06, 2014 at 06:24:14PM +0100, Kurt Roeckx wrote:
> > > > > On Mon, Dec 23, 2013 at 06:44:23PM +0100, Kurt Roeckx wrote:
> > > > > > On Sun, Dec 22, 2013 at 11:51:09PM +0100, Kurt Roeckx wrote:
> > > > > > > 
> > > > > > > For security I would like to have the following:
> > > > > > > - CVE-2013-6449: 0294b2be5f4c11e60620c0018674ff0e17b14238 + 
> > > > > > >   ca989269a2876bae79393bd54c3e72d49975fc75
> > > > > > > - CVE-2013-6450: 34628967f1e65dc8f34e000f0f5518e21afbfc7b
> > > > > > > - disable rdrand: 1c2c5e402a757a63d690bd2390bd6b8b491ef184
> > > > > > > - Disable Dual EC DRBG: a4870de5aaef562c0947494b410a2387f3a6d04d
> > > > > > 
> > > > > > So I've put that at:
> > > > > > http://people.debian.org/~kroeckx/openssl/
> > > > > 
> > > > > So the patch for CVE-2013-6450 was missing a commit.  See:
> > > > > http://rt.openssl.org/Ticket/Display.html?id=3214&user=guest&pass=guest
> > > > > 
> > > > > I'll upload a 1.0.1e-2+deb7u2 soon.
> > > > 
> > > > I've uploaded it.  The changelog for it:
> > > >    * The patch we applied for CVE-2013-6450 was causing segfaults,
> > > >      also apply the previous commit checking for NULL in
> > > >      EVP_MD_CTX_destroy()
> > > >    * Fix for TLS record tampering bug CVE-2013-4353
> > > 
> > > So after uploading this, I got this as reply:
> > > > Although there is no CVE connected to it it is also advisable to
> > > > include f3dcc8411e518fb0835c7d72df4a58718205260d as well.
> > > 
> > > Should I make an other upload (with different version) for that?
> > 
> > Yes, please include it.
> 
> So should I reuse the version number, or change it?

Better bump it, that way we don't cause confusion on the buildds.

Message #80 received at 732754@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: 732754@bugs.debian.org, team@security.debian.org

Subject: Re: [Pkg-openssl-devel] Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: Bug#732754: openssl: CVE-2013-6449: crash when using TLS 1.2

Date: Mon, 6 Jan 2014 20:37:26 +0100

On Mon, Jan 06, 2014 at 07:53:41PM +0100, Moritz Mühlenhoff wrote:
> > > > 
> > > > So after uploading this, I got this as reply:
> > > > > Although there is no CVE connected to it it is also advisable to
> > > > > include f3dcc8411e518fb0835c7d72df4a58718205260d as well.
> > > > 
> > > > Should I make an other upload (with different version) for that?
> > > 
> > > Yes, please include it.
> > 
> > So should I reuse the version number, or change it?
> 
> Better bump it, that way we don't cause confusion on the buildds.

New version uploaded.


Kurt

Message #85 received at 732754-close@bugs.debian.org (full text, mbox, reply):

From: Kurt Roeckx <kurt@roeckx.be>

To: 732754-close@bugs.debian.org

Subject: Bug#732754: fixed in openssl 1.0.1e-2+deb7u1

Date: Mon, 06 Jan 2014 22:47:45 +0000

Source: openssl
Source-Version: 1.0.1e-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 732754@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Dec 2013 17:47:19 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1e-2+deb7u1
Distribution: stable-security
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 732710 732754
Changes: 
 openssl (1.0.1e-2+deb7u1) stable-security; urgency=medium
 .
   * Fix CVE-2013-6449 (Closes: #732754)
   * Fix CVE-2013-6450
   * disable rdrand by default.  It was used as only source of entropy when
     available. (Closes: #732710)
   * Disable Dual EC DRBG.
Checksums-Sha1: 
 df07fffd312e26f10a9d937aea135f94abae2d1b 2228 openssl_1.0.1e-2+deb7u1.dsc
 3f1b1223c9e8189bfe4e186d86449775bd903460 4459777 openssl_1.0.1e.orig.tar.gz
 99bd93a87a9c55fa19385c02a0cfa4d2e3610f90 95169 openssl_1.0.1e-2+deb7u1.debian.tar.gz
 66bf040c8ac7be5d4f2f9942249400a4ab1e69bc 1197168 libssl-doc_1.0.1e-2+deb7u1_all.deb
 a9ce52aaf530bbcea63936fa1b597d6bb1482ad3 699348 openssl_1.0.1e-2+deb7u1_amd64.deb
 40451425e3ff2d71872e601283181360cb3d49bf 1224380 libssl1.0.0_1.0.1e-2+deb7u1_amd64.deb
 b424473f0171644e10ca4e852b4938552661a4e5 604560 libcrypto1.0.0-udeb_1.0.1e-2+deb7u1_amd64.udeb
 b15315f13cb1ca52d36cfe8ca63b780434587adf 1706732 libssl-dev_1.0.1e-2+deb7u1_amd64.deb
 ec35f89f4db0b37b03545c49825336fa2ac9e867 3016388 libssl1.0.0-dbg_1.0.1e-2+deb7u1_amd64.deb
Checksums-Sha256: 
 2118c53bc0172a06b09af316faba4851905eaeb8bddfcf0c5946742810a23814 2228 openssl_1.0.1e-2+deb7u1.dsc
 f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 4459777 openssl_1.0.1e.orig.tar.gz
 d67d7b56c95c683f56a9eebeb87324442adae69175fe6f7f4664ddf06ece3f53 95169 openssl_1.0.1e-2+deb7u1.debian.tar.gz
 c6b0fe25495b2f57c932373fa0229afdceef014261f58f53eaa19cc5df8d9d1a 1197168 libssl-doc_1.0.1e-2+deb7u1_all.deb
 ef37da8352f3d2cfc614a9254ec4ea3654716bfd7d8b0b9ca640b8d589739e26 699348 openssl_1.0.1e-2+deb7u1_amd64.deb
 30e9582a97a4bddb73af6b756f82ce68e8f890826fd8429c6b34c6d599ad6914 1224380 libssl1.0.0_1.0.1e-2+deb7u1_amd64.deb
 dbacc547aced8efe203043aa45fbbfb29d4e2fce0ed39a818a64d4969927a534 604560 libcrypto1.0.0-udeb_1.0.1e-2+deb7u1_amd64.udeb
 a143bf420a8eac6fffe7e2b6f410168e5c4146f9a9f5a0f00bfb90172d1afcbb 1706732 libssl-dev_1.0.1e-2+deb7u1_amd64.deb
 3644feb52253ac27431f46552d3c9c27fbddc083e0982e8e39b955fd84748144 3016388 libssl1.0.0-dbg_1.0.1e-2+deb7u1_amd64.deb
Files: 
 2dc22b937c4c0a4810046a6b28de569d 2228 utils optional openssl_1.0.1e-2+deb7u1.dsc
 66bf6f10f060d561929de96f9dfe5b8c 4459777 utils optional openssl_1.0.1e.orig.tar.gz
 93bfd76b302c59941cf49d8dd212f6ce 95169 utils optional openssl_1.0.1e-2+deb7u1.debian.tar.gz
 b0eccec9f4be71f565cb7f8465241c52 1197168 doc optional libssl-doc_1.0.1e-2+deb7u1_all.deb
 746752adf3775df5e20e6ee7e77a6cd3 699348 utils optional openssl_1.0.1e-2+deb7u1_amd64.deb
 691cf5a95087a04fd90753caa2e9e71f 1224380 libs important libssl1.0.0_1.0.1e-2+deb7u1_amd64.deb
 e42306fa3914cd5f0a330bc445999e66 604560 debian-installer optional libcrypto1.0.0-udeb_1.0.1e-2+deb7u1_amd64.udeb
 8a58f858edefec12e45da82767ca712b 1706732 libdevel optional libssl-dev_1.0.1e-2+deb7u1_amd64.deb
 5fef5bd1dc433beab29e442a9c504fb1 3016388 debug extra libssl1.0.0-dbg_1.0.1e-2+deb7u1_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCgAGBQJSuHWFAAoJEKGfLDAaVSLd1ogP/0tyAtUyzBmDcqRNMa9zUmQX
ih9+J5Mk5OCyEwEplpw3b3PqOojzdEdm/fbzETTHdjT+lt4JWHP3Ug/66AMjhtzT
pLGorVLk5p7OSeBplTk+7wTdgLI4bu4PRRIl/N0hHfueSY3HJr/Jbeo+2oJNXxWN
rmrAS3iJNRJqo8dzFKLQghsx75+tbUYGAisxqEc6fwvYPIAUPARmTM+370n2R2V0
NlcxDquHIIhCFX1jh43dz36c/ANJ7GcwGxQktwBFRhMRASVYApCxDZZj2pa2Ksvd
laQCvqeONIZMcAnE3oqciZQNyanp3tq4JtY2TN8U8DGw07nzH6sUN/ibe2DaI0C5
Vy4EqJPPJfPTd5DFN7ugzGV5tyjhs659+SriFdHd02WGPGRqIFVLmKHE1JsO/Cvz
a8mLE7HcAbqyWyxVjuV8nzv0Pl5UXAnm6Ok36VJm/Bdk0JLfPYQ+RyXP46YbQJX2
XvFPr/7pP0OnQ5fGu3eqOJ42/Vfth/0oGAmrYq0GxV8PQmiiSo/wUTDh4kIPcUD3
IEUii0PZUGFaht2ShluXD3ax95q2IuTTz16qTE6betSxS8fE+RDxJ9BXvZsKB/4C
S2O35yJ4/6bOwiR7onELT54wsXyJr5+4XtAo5CSroE1/e2u26RWBbKfK+g+munuj
tm5K7Rj5CeoCp93Pkbaf
=itBf
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.