FS#67858 : [security] [openssl-1.0] CVE-2020-1968

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#67858 - [security] [openssl-1.0] CVE-2020-1968

Attached to Project: Arch Linux
Opened by loqs (loqs) - Wednesday, 09 September 2020, 19:21 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 13:37 GMT

Task Type	Bug Report
Category	Security
Status	Assigned
Assigned To	Pierre Schmitz (Pierre) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection.

Additional info:
* openssl-1.0 1.0.2.u-1
* https://www.openssl.org/news/secadv/20200909.txt

This task depends upon

Comments (4)
Related Tasks (0/0)

Comment by Pierre Schmitz (Pierre) - Friday, 11 September 2020, 04:26 GMT

Quoting that same page:

[OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

Comment by loqs (loqs) - Friday, 11 September 2020, 12:31 GMT

From [1]
OpenSSL assigned the issue CVE-2020-1968. OpenSSL does use fresh DH keys per default since version 1.0.2f (which made SSL_OP_SINGLE_DH_USE default as a response to CVE-2016-0701). Therefore, the attack mainly affects OpenSSL 1.0.2 when a DH certificate is in use, which is rare. OpenSSL 1.1.1 never reuses a DH secret and does not implement any "static" DH ciphersuites. To mitigate the attack, the developers moved all remaining DH cipher suites into the "weak-ssl-ciphers" list. In addition, motivated by this research, the developers also activated the fresh generation of EC ephemeral keys in OpenSSL 1.0.2w. Please refer to the OpenSSL Security Advisory.
Although [2] states: Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites.

The patch disables ECDH and DH by marking them as weak. Anonymous DH, DHE and ECDHE and not changed.

[1] https://raccoon-attack.com/
[2] https://www.openssl.org/news/vulnerabilities.html

disable-static-DH.patch (10.5 KiB)

Comment by Pascal E. (hardfalcon) - Friday, 11 September 2020, 15:47 GMT

To spare you the redundant manual searches, here's a few links to other distros tracking the same issue:

https://security-tracker.debian.org/tracker/CVE-2020-1968

https://bugzilla.redhat.com/show_bug.cgi?id=1877458

https://bugzilla.opensuse.org/show_bug.cgi?id=1176331

Comment by loqs (loqs) - Tuesday, 29 September 2020, 00:03 GMT

Patch used by Ubuntu and Debian. This is applied after the patch marking 3DES and RC4 as weak so does not include ciphers already marked as weak by that patch.

CVE-2020-1968.patch (3.9 KiB)

Mark-3DES-and-RC4-ciphers-as-... (8.9 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#67858 - [security] [openssl-1.0] CVE-2020-1968

Details

Loading...