Arch Linux

FS#67858 - [security] [openssl-1.0] CVE-2020-1968

Attached to Project: Arch Linux
Opened by loqs (loqs) - Wednesday, 09 September 2020, 19:21 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 13:37 GMT
Task Type: Bug Report
Category: Security
Status: Assigned
Assigned To: Pierre Schmitz (Pierre), Levente Polyak (anthraxx)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No


A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection.

Additional info:
* openssl-1.0 1.0.2.u-1

Comment by Pierre Schmitz (Pierre) - Friday, 11 September 2020, 04:26 GMT
Quoting that same page:

[OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
Comment by loqs (loqs) - Friday, 11 September 2020, 12:31 GMT
From [1]
OpenSSL assigned the issue CVE-2020-1968. OpenSSL does use fresh DH keys per default since version 1.0.2f (which made SSL_OP_SINGLE_DH_USE default as a response to CVE-2016-0701). Therefore, the attack mainly affects OpenSSL 1.0.2 when a DH certificate is in use, which is rare. OpenSSL 1.1.1 never reuses a DH secret and does not implement any "static" DH ciphersuites. To mitigate the attack, the developers moved all remaining DH cipher suites into the "weak-ssl-ciphers" list. In addition, motivated by this research, the developers also activated the fresh generation of EC ephemeral keys in OpenSSL 1.0.2w. Please refer to the OpenSSL Security Advisory.
Although [2] states: Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites.

The patch disables ECDH and DH by marking them as weak. Anonymous DH, DHE and ECDHE are not changed.
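
The split described in the comment above (static DH and ECDH marked weak; anonymous DH, DHE and ECDHE untouched) can be checked against a cipher listing. This is an added example, not part of the original thread or the patch; the sample listing is constructed, and the `Kx=`/`Au=` field layout of `openssl ciphers -v` on the 1.0.2 branch is an assumption.

```python
import re

# Constructed sample in the layout assumed for `openssl ciphers -v` on 1.0.2:
# static (fixed-key) suites carry a "/" in the Kx field, e.g. Kx=DH/RSA.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA          SSLv3   Kx=DH         Au=RSA  Enc=AES(256)    Mac=SHA1
DH-RSA-AES256-SHA           SSLv3   Kx=DH/RSA     Au=DH   Enc=AES(256)    Mac=SHA1
DH-DSS-AES128-GCM-SHA256    TLSv1.2 Kx=DH/DSS     Au=DH   Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-SHA       SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)    Mac=SHA1
ADH-AES128-SHA              SSLv3   Kx=DH         Au=None Enc=AES(128)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA        Au=RSA  Enc=AES(128)    Mac=SHA1
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def classify(line):
    """Return (suite_name, category) for one line of the listing."""
    name = line.split()[0]
    fields = dict(FIELD.findall(line))
    # Export suites append a key size such as "(512)"; drop it before matching.
    kx = re.sub(r"\(\d+\)", "", fields.get("Kx", ""))
    base, _, fixed = kx.partition("/")
    if base not in ("DH", "ECDH"):
        return name, "other"
    if fixed:                        # Kx=DH/RSA, Kx=ECDH/ECDSA: key fixed in the certificate
        return name, "static-" + base
    if fields.get("Au") == "None":   # ADH / AECDH
        return name, "anon-" + base
    return name, base + "E"          # DHE / ECDHE


def static_suites(listing):
    """Names of the static DH/ECDH suites, the group the comment says is marked weak."""
    rows = (classify(l) for l in listing.splitlines() if l.strip())
    return [name for name, cat in rows if cat.startswith("static-")]


if __name__ == "__main__":
    for row in SAMPLE.splitlines():
        print("%-28s %s" % classify(row))
    print("static suites:", ", ".join(static_suites(SAMPLE)))
```

To audit a real build, pass the captured output of `openssl ciphers -v` to `static_suites` in place of `SAMPLE`.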

Comment by Pascal Ernster (hardfalcon) - Friday, 11 September 2020, 15:47 GMT
Comment by loqs (loqs) - Tuesday, 29 September 2020, 00:03 GMT
Patch used by Ubuntu and Debian. This is applied after the patch marking 3DES and RC4 as weak so does not include ciphers already marked as weak by that patch.
Comment by loqs (loqs) - Sunday, 28 February 2021, 19:33 GMT
Diff includes fixes for CVE-2020-1968, CVE-2020-1971, CVE-2021-23840 and CVE-2021-23841, all sourced from [1]