mbedtls: CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

Related Vulnerabilities: CVE-2017-2784   CVE-2017-2748  

Debian Bug report logs - #857560

Reported by: James Cowgill <jcowgill@debian.org>

Date: Sun, 12 Mar 2017 15:24:02 UTC

Severity: grave

Tags: security, upstream

Found in version mbedtls/2.4.0-1

Fixed in version mbedtls/2.4.2-1

Done: James Cowgill <jcowgill@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org:
Bug#857560; Package libmbedcrypto0. (Sun, 12 Mar 2017 15:24:04 GMT)


Acknowledgement sent to James Cowgill <jcowgill@debian.org>:
New Bug report received and forwarded. (Sun, 12 Mar 2017 15:24:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: James Cowgill <jcowgill@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mbedtls: CVE-2017-2748 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
Date: Sun, 12 Mar 2017 15:19:58 +0000
Package: libmbedcrypto0
Version: 2.4.0-1
Severity: grave
Tags: security
Control: clone -1 -2
Control: reassign -2 libpolarssl7 1.3.9-2.1+deb8u1
Control: retitle -2 polarssl: CVE-2017-2748 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

Hi all,

This security advisory was recently published and contains one "high"
severity bug:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

The security changelog for 2.4.2 also contains fixes for some other
bugs as well. The 3rd bug (relating to SLOTH) does not affect polarssl.

= mbed TLS 2.4.2 branch released 2017-03-08

Security
   * Add checks to prevent signature forgeries for very large messages while
     using RSA through the PK module in 64-bit systems. The issue was caused by
     some data loss when casting a size_t to an unsigned int value in the
     functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
     mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
   * Fixed potential livelock during the parsing of a CRL in PEM format in
     mbedtls_x509_crl_parse(). A string containing a CRL followed by trailing
     characters after the footer could result in the execution of an infinite
     loop. The issue can be triggered remotely. Found by Greg Zaverucha,
     Microsoft.
   * Removed MD5 from the allowed hash algorithms for CertificateRequest and
     CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
     Introduced by interoperability fix for #513.
   * Fixed a bug that caused freeing a buffer that was allocated on the stack,
     when verifying the validity of a key on secp224k1. This could be
     triggered remotely for example with a maliciously constructed certificate
     and potentially could lead to remote code execution on some platforms.
     Reported independently by rongsaws and Aleksandar Nikolic, Cisco Talos
     team. #569 CVE-2017-2784

Thanks,
James

[signature.asc (application/pgp-signature, attachment)]
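
Added example, not part of the original report and not mbed TLS source code: the first changelog entry quoted above attributes the RSA issue to data loss when a size_t length is cast to unsigned int on 64-bit systems. The sketch below shows that narrowing next to a range-checked variant; all function names and the error code are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_BAD_INPUT_DATA (-1) /* hypothetical error code */

/* Hypothetical inner primitive whose length parameter is unsigned int.
 * Returns the number of input bytes it would actually cover. */
static long long inner_verify(unsigned int hash_len)
{
    return (long long)hash_len;
}

/* Before: the size_t length is narrowed with no range check, so on a
 * 64-bit build the high bits are silently dropped. */
long long verify_wrap_unchecked(size_t hash_len)
{
    return inner_verify((unsigned int)hash_len);
}

/* After: refuse any length that does not fit in unsigned int. */
long long verify_wrap_checked(size_t hash_len)
{
#if SIZE_MAX > UINT_MAX
    if (hash_len > UINT_MAX)
        return ERR_BAD_INPUT_DATA;
#endif
    return inner_verify((unsigned int)hash_len);
}

int main(void)
{
    /* Constructed length: 2^32 + 32 where size_t is 64 bits wide. */
    size_t claimed = (size_t)UINT_MAX + 33;

    printf("claimed length:  %zu\n", claimed);
    printf("unchecked covers %lld bytes\n", verify_wrap_unchecked(claimed));
    printf("checked returns  %lld\n", verify_wrap_checked(claimed));
    return 0;
}
```

On a 64-bit build the unchecked wrapper covers only 32 bytes of the claimed length, so inputs of different sizes are treated as the same message; the checked wrapper rejects the call before narrowing.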

Bug 857560 cloned as bug 857561. Request was from James Cowgill <jcowgill@debian.org> to submit@bugs.debian.org. (Sun, 12 Mar 2017 15:24:04 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 12 Mar 2017 16:57:03 GMT)


Reply sent to James Cowgill <jcowgill@debian.org>:
You have taken responsibility. (Tue, 14 Mar 2017 11:21:03 GMT)


Notification sent to James Cowgill <jcowgill@debian.org>:
Bug acknowledged by developer. (Tue, 14 Mar 2017 11:21:03 GMT)


Message #14 received at 857560-close@bugs.debian.org:

From: James Cowgill <jcowgill@debian.org>
To: 857560-close@bugs.debian.org
Subject: Bug#857560: fixed in mbedtls 2.4.2-1
Date: Tue, 14 Mar 2017 11:19:37 +0000
Source: mbedtls
Source-Version: 2.4.2-1

We believe that the bug you reported is fixed in the latest version of
mbedtls, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857560@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated mbedtls package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 14 Mar 2017 10:54:33 +0000
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source
Version: 2.4.2-1
Distribution: unstable
Urgency: high
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
 libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library
 libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
 libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
 libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
 libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 857560
Changes:
 mbedtls (2.4.2-1) unstable; urgency=high
 .
   * New upstream version.
     - Fixes CVE-2017-2784 - freeing of memory allocated on the stack when
       validating a public key with a secp224k1 curve. (Closes: #857560)
 .
   * debian/rules:
     - Run testsuite inside faketime to prevent it suddenly failing in the
       future. Thanks Niels Thykier!

Changed Bug title to 'mbedtls: CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve' from 'mbedtls: CVE-2017-2748 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 15 Mar 2017 05:33:03 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Jun 2019 08:12:39 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:45:02 2019; Machine Name: beach
