Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67858 - [security] [openssl-1.0] CVE-2020-1968
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Wednesday, 09 September 2020, 19:21 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 13:37 GMT
Details
Description:
A Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection.

Additional info:
* openssl-1.0 1.0.2.u-1
* https://www.openssl.org/news/secadv/20200909.txt
[OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
OpenSSL assigned the issue CVE-2020-1968. OpenSSL does use fresh DH keys per default since version 1.0.2f (which made SSL_OP_SINGLE_DH_USE default as a response to CVE-2016-0701). Therefore, the attack mainly affects OpenSSL 1.0.2 when a DH certificate is in use, which is rare. OpenSSL 1.1.1 never reuses a DH secret and does not implement any "static" DH ciphersuites. To mitigate the attack, the developers moved all remaining DH cipher suites into the "weak-ssl-ciphers" list. In addition, motivated by this research, the developers also activated the fresh generation of EC ephemeral keys in OpenSSL 1.0.2w. Please refer to the OpenSSL Security Advisory.
Although [2] states: Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites.
The patch disables ECDH and DH by marking them as weak. Anonymous DH, DHE and ECDHE are not changed.
[1] https://raccoon-attack.com/
[2] https://www.openssl.org/news/vulnerabilities.html
https://security-tracker.debian.org/tracker/CVE-2020-1968
https://bugzilla.redhat.com/show_bug.cgi?id=1877458
https://bugzilla.opensuse.org/show_bug.cgi?id=1176331
[1] http://security.debian.org/debian-security/pool/updates/main/o/openssl1.0/openssl1.0_1.0.2u-1~deb9u4.debian.tar.xz
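
The split described in the comments above (static DH and ECDH suites marked weak; anonymous DH, DHE and ECDHE left alone), as an added example that is not part of the original report or of any OpenSSL patch: a shell helper that sorts OpenSSL cipher names by key exchange and lists the static DH/ECDH ones found in a colon-separated cipher list. The function names and the sample list are constructed for illustration; the prefixes follow OpenSSL's cipher naming.

```shell
#!/bin/sh
# Constructed sample: a colon-separated list in the format `openssl ciphers` prints.
SAMPLE_LIST='ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DH-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ADH-AES128-SHA:AECDH-AES128-SHA:EDH-RSA-DES-CBC3-SHA:EXP-DH-DSS-DES-CBC-SHA:AES128-SHA'

# classify_kx NAME: print the key-exchange class of one OpenSSL cipher name.
# (hypothetical helper, not an OpenSSL tool)
classify_kx() {
    name=${1#EXP-}                 # export variants carry an EXP- prefix
    case "$name" in
        ECDHE-*)        echo ecdhe ;;        # ephemeral ECDH
        DHE-*|EDH-*)    echo dhe ;;          # ephemeral DH (EDH- is the older spelling)
        ADH-*|AECDH-*)  echo anon ;;         # anonymous DH / ECDH
        ECDH-*)         echo static-ecdh ;;  # fixed ECDH key from the certificate
        DH-*)           echo static-dh ;;    # fixed DH key from the certificate
        *)              echo other ;;        # RSA key transport, PSK, SRP, ...
    esac
}

# static_suites LIST: print, one per line, the static DH/ECDH suites in LIST.
# These are the suites the thread says the patch marks as weak.
static_suites() {
    old_ifs=$IFS
    IFS=:
    set -f                         # no glob expansion while splitting
    for suite in $1; do
        case "$(classify_kx "$suite")" in
            static-dh|static-ecdh) printf '%s\n' "$suite" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# Use the list given as the first argument, or the constructed sample.
static_suites "${1:-$SAMPLE_LIST}"
```

To check an installed build, pass the output of its `openssl ciphers` command as the first argument; an empty result means no static DH or ECDH suite is enabled in that list.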