Re: matrixssl
Christopher Samuel writes: > I found that error reported in an unrelated bug report, the solution > seems to be: > > https://bugs.contribs.org/show_bug.cgi?id=7664#c4 Thanks for this. Finally got it working... ...BUT matrixssl is SSLv3 only. openssl in sid - which seems to be required for the exploit patch - doesn't support SSLv3. So it errors out instead of connecting. openssl from wheezy doesn't work either, unless you pass the -ssl3 parameter to "openssl s_client". Wonder if it is actually worth fixing a security bug in a library that only supports an known insecure protocol. Ok, managed to rebuild the Debian package with ssl3 support enabled. It appears to work. Will try the exploit. Still leaves me wondering if it is actually worth fixing security issues in matrixssl. -- Brian May
Re: matrixssl
Brian May writes: > Ok, managed to rebuild the Debian package with ssl3 support enabled. It > appears to work. Will try the exploit. Still leaves me wondering if it > is actually worth fixing security issues in matrixssl. Hmmm.. Interesting. Wheezy version appears to be not vulnerable to these exploits. Or I am doing something wrong. Take your pick. If I set RSA_BREAK_ZERO or RSA_BREAK_MODULUS and try to connect to a server, I get an instant disconnect: === server === (wheezy-amd64-default)root@prune:/home/brian# tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key2.pem cat sslio[22436]: fatal: ssl decode error: illegal parameter sslio[22475]: fatal: ssl decode error: illegal parameter === cut === === client === (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_ZERO=yes (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123 CONNECTED(0003) depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost verify error:num=18:self signed certificate verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost verify return:1 140106150102680:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47 140106150102680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656: --- Certificate chain 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost --- Server certificate -BEGIN CERTIFICATE- MIICgDCCAemgAwIBAgIJAITtyLEbQkaHMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjA5MDUwNzQx MjdaFw0xNjEwMDUwNzQxMjdaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV BAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz8hRc6PB MiupLrhiHbuA05wNN4QnnCTrt6b4Te2/ZiUBf96FbwycUHr/lTRGg6VnqCS6sYyn 391qWtgmYrSg+I1qpuoJ4iXKiH7ms6hapRWOYcWDffh9nxW5Y0eIKcXovS0gTo++ gtyv6YsEuG+yCkUkkArhB+IrCvF7Yr5F4AECAwEAAaNQME4wHQYDVR0OBBYEFL/T mnPWt433CRNsDPcPA0Qtcn6TMB8GA1UdIwQYMBaAFL/TmnPWt433CRNsDPcPA0Qt cn6TMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAcOlr2RC3GUwZT5QO PPTGcJWXAygrH18tCvnUeYkxS62ZZnPAnQvSCBMJ4rR9qvRN/LVERayn5IjvG9T/ mIDD4ca8KInpEf1993x+ilb4wOQvPpQ8sbo8n7mkcG597c+8Ts+gD6Hottin/JVf ls9+lwksgQnWz+soMeHCQsMCEJo= -END CERTIFICATE- subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost --- No client certificate CA names sent --- SSL handshake has read 754 bytes and written 208 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : SSLv3 Cipher: RC4-SHA Session-ID: 7A25015D9CAB0A4B7359B5222D2483C904002B0BE51F9B8EBD115666 Session-ID-ctx: Master-Key: C6E7544269DFDE1A25A2FB58CACD642A6B14D9BE249CC652904739C57681D768B240233E3F93AC6030F01CF8D05C4D2A Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1473063748 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) --- (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# unset RSA_BREAK_ZERO (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_MODULUS=yes (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123 CONNECTED(0003) depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost verify error:num=18:self signed certificate verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost verify return:1 140672067921560:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47 140672067921560:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656: --- Certificate chain 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost --- Server certificate -BEGIN CERTIFICATE- MIICgDCCAemgAwIBAgIJAITtyLEbQkaHMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjA5MDUwNzQx MjdaFw0xNjEwMDUwNzQxMjdaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV BAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz8hRc6PB MiupLrhiHbuA05wNN4QnnCTrt6b4Te2/ZiUBf96FbwycUHr/lTRGg6VnqCS6sY
Re: qemu: CVE-2016-7116
Hi Thorsten, > > "A privileged user inside guest could use this flaw to access undue > > files on the host." > > ... you should also cite: > "... host directory sharing via Plan 9 File System(9pfs) support ..." > > The latest news on [1] is from 2008. I am not sure whether there are really > that much installations in the wild that really use it. There are several "versions" of Plan 9 currently. The Bell one, which is rather inactive, and forked one, 9front, which seems to be under active development[0]. > I still think it is not needed. I wasn't sure whether we should do an LTS upload for qemu or not. That's why I asked here before claiming qemu in dla-needed. I'll follow the team's decision. (By the way, *if we do an LTS upload*, shouldn't we include this patch[1][2], too ?) Cheers, Hugo [0] http://ninetimes.cat-v.org/ [1] http://git.qemu.org/?p=qemu.git;a=commit;h=805b5d98c649d26fc44d2d7755a97f18e62b438a [2] https://marc.info/?l=oss-security&m=147259351226835&w=2 -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Re: matrixssl
Hi Brian I think we should state no-dsa for this. Matrixssl is very seldomly used. According to popcon there are in total 75 users. https://qa.debian.org/popcon.php?package=matrixssl Considering that it is really hard to reproduce (or impossible) and lack of users I think we should spend our efforts on more important problems. Best regards // Ola On Mon, Sep 5, 2016 at 10:30 AM, Brian May wrote: > Brian May writes: >> Ok, managed to rebuild the Debian package with ssl3 support enabled. It >> appears to work. Will try the exploit. Still leaves me wondering if it >> is actually worth fixing security issues in matrixssl. > > Hmmm.. Interesting. Wheezy version appears to be not vulnerable to these > exploits. Or I am doing something wrong. Take your pick. > > If I set RSA_BREAK_ZERO or RSA_BREAK_MODULUS and try to connect to a > server, I get an instant disconnect: > > === server === > (wheezy-amd64-default)root@prune:/home/brian# tcpsvd localhost 8123 sslio -u > brian -C cert.pem -K key2.pem cat > sslio[22436]: fatal: ssl decode error: illegal parameter > sslio[22475]: fatal: ssl decode error: illegal parameter > === cut === > > === client === > (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# > export RSA_BREAK_ZERO=yes > (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# > openssl s_client -ssl3 -connect localhost:8123 > CONNECTED(0003) > depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost > verify error:num=18:self signed certificate > verify return:1 > depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost > verify return:1 > 140106150102680:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert > illegal parameter:s3_pkt.c:1472:SSL alert number 47 > 140106150102680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake > failure:s3_pkt.c:656: > --- > Certificate chain > 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost >i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost > --- > Server certificate > -BEGIN CERTIFICATE- > MIICgDCCAemgAwIBAgIJAITtyLEbQkaHMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV > BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX > aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNjA5MDUwNzQx > MjdaFw0xNjEwMDUwNzQxMjdaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l > LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV > BAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz8hRc6PB > MiupLrhiHbuA05wNN4QnnCTrt6b4Te2/ZiUBf96FbwycUHr/lTRGg6VnqCS6sYyn > 391qWtgmYrSg+I1qpuoJ4iXKiH7ms6hapRWOYcWDffh9nxW5Y0eIKcXovS0gTo++ > gtyv6YsEuG+yCkUkkArhB+IrCvF7Yr5F4AECAwEAAaNQME4wHQYDVR0OBBYEFL/T > mnPWt433CRNsDPcPA0Qtcn6TMB8GA1UdIwQYMBaAFL/TmnPWt433CRNsDPcPA0Qt > cn6TMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAcOlr2RC3GUwZT5QO > PPTGcJWXAygrH18tCvnUeYkxS62ZZnPAnQvSCBMJ4rR9qvRN/LVERayn5IjvG9T/ > mIDD4ca8KInpEf1993x+ilb4wOQvPpQ8sbo8n7mkcG597c+8Ts+gD6Hottin/JVf > ls9+lwksgQnWz+soMeHCQsMCEJo= > -END CERTIFICATE- > subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost > issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost > --- > No client certificate CA names sent > --- > SSL handshake has read 754 bytes and written 208 bytes > --- > New, TLSv1/SSLv3, Cipher is RC4-SHA > Server public key is 1024 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : SSLv3 > Cipher: RC4-SHA > Session-ID: > 7A25015D9CAB0A4B7359B5222D2483C904002B0BE51F9B8EBD115666 > Session-ID-ctx: > Master-Key: > C6E7544269DFDE1A25A2FB58CACD642A6B14D9BE249CC652904739C57681D768B240233E3F93AC6030F01CF8D05C4D2A > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1473063748 > Timeout : 7200 (sec) > Verify return code: 18 (self signed certificate) > --- > (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# > unset RSA_BREAK_ZERO > (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# > export RSA_BREAK_MODULUS=yes > (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# > openssl s_client -ssl3 -connect localhost:8123 > CONNECTED(0003) > depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost > verify error:num=18:self signed certificate > verify return:1 > depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost > verify return:1 > 140672067921560:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert > illegal parameter:s3_pkt.c:1472:SSL alert number 47 > 140672067921560:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake > failure:s3_pkt.c:656: > --- > Certificate chain > 0 s:/C=AU/ST=Some-State/O=
Re: matrixssl
On Mon, 2016-09-05 at 18:16 +1000, Brian May wrote: > > Christopher Samuel writes: > > > > > I found that error reported in an unrelated bug report, the solution > > seems to be: > > > > https://bugs.contribs.org/show_bug.cgi?id=7664#c4 > > Thanks for this. Finally got it working... > > ...BUT matrixssl is SSLv3 only. [...] So let's add it to the unsupported packages list. Ben. -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere. signature.asc Description: This is a digitally signed message part
Re: qemu: CVE-2016-7116
Hi Hugo and Guido, On Mon, 5 Sep 2016, Hugo Lefeuvre wrote: There are several "versions" of Plan 9 currently. The Bell one, which is rather inactive, and forked one, 9front, which seems to be under active development[0]. oh, great, I "found" the wrong one. I wasn't sure whether we should do an LTS upload for qemu or not. That's why I asked here before claiming qemu in dla-needed. I'll follow the team's decision. I hadn't heard before of 9p and I thought nobody would use it. But this seems to be wrong, so please go ahead. I removed the ... (By the way, *if we do an LTS upload*, shouldn't we include this patch[1][2], too ?) Yes, and while you are at it, maybe [11] from [2] is worth a look as well ... Thorsten [1] http://git.qemu.org/?p=qemu.git;a=commit;h=805b5d98c649d26fc44d2d7755a97f18e62b438a [2] https://marc.info/?l=oss-security&m=147259351226835&w=2 [11] http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
Re: [SECURITY] [DLA 611-1] jsch security update
unsubscribe > On 5.9.2016, at 21:07 , Chris Lamb wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Package: jsch > Version: 0.1.42-2+deb7u1 > CVE ID : CVE-2016-5725 > > It was discovered that there was a path traversal vulnerability in jsch, a > pure Java implementation of the SSH2 protocol. > > For Debian 7 "Wheezy", this issue has been fixed in jsch version > 0.1.42-2+deb7u1. > > We recommend that you upgrade your jsch packages. > > > Regards, > > - -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk > `- > > -BEGIN PGP SIGNATURE- > > iQIcBAEBCAAGBQJXzbQ7AAoJEB6VPifUMR5YwuUP/iVTPIRM9GRiINkjxDQ7dw0w > 85iwaNo2obd442voLOYuDx73fUdeDtM/UQ8JefcK6mw90I6R/2vlgHhr0xNyMUpS > VjBI2e0fNcV5pGFI9IZEo6Yon8SQ1ccNMoYIa2Ek8eEai569dNZ9H3XW8dGPMVV2 > IGcO/nBQTxRzhhKU+Mbysr9tJLprOTSWZ5u6qwe0STxsDuXiYOHjAYHHw3ZY4KYs > ll3TUg8s5FGLv38Tj3a6oUFPkoRYP6a9h5c50LtNBOnedOtxyB0huvg/PydTrxvP > k75mEhNg1bwMd4fF9hOfiy37MF9h2VHNF9DZJkd5mK1OncSbhyhaXQznmNt8z9Zk > QfdsqjPPqEnJCuzPPW9DhORBz0d9tkcivdAkSyD/KLF1zTHUAXJcU5sjsuxi3l1G > hqfHyM9mFQzH7qRhP+pFOa0PPQtdoWsDtO2oljv7zYo+SbDxMqBpOK2QX7ZnBkGz > FLMPGrfhXMKh9l+s93EKAghznq5OSw/OaFhaJeu1N176mrCF/xghjUHJSu6F7uJB > bcm2O1JZBgzblHpsLY7XH9xHa0gPmSJpoElRc/rsaCAHNhxwBHhv9MaGFh7Vw0D5 > JOZ+whbr+A99BUC5XG1R+z1sj/FPZbbH0d4MQbxSgbPrXrrK2D/ZVTgFQPLEyETL > 32mlJdwjA8bE3V/74N/c > =2BTa > -END PGP SIGNATURE- > -- Jarkko Santala +358 40 720 4512
LTS report for August
August 2016 was my third month as a debian-lts contributor. I was allocated 14.75 hours in addition to the 2 hours not used in the previous month. I used 9.5 hours in which I worked on the following: * DLA 581-1 libreoffice security update (CVE-2016-1513) * DLA 595-1 wireshark security update (9 CVE-s) * DLA 597-1 libupnp security update (CVE-2016-6255) - did some further checking and also checked reverse dependencies * DLA 605-1 eog security update (CVE-2016-6855) - also prepared fix for Jessie in the packaging repo I also share Brian's observation that the backlog shrank to a very low level and the lack of actionable outstanding issues made me carry 7.25 hours to September. Cheers, Balint signature.asc Description: OpenPGP digital signature
LTS Report for August 2016
For August I was allocated 14.5 hours. I spent 11 hours as follows: * CVE-2016-6293: Fix buffer overflow in uloc_acceptLanguageFromHTTP This issue turned out to be very complex to figure out. It was initially discovered by a PHP developer and reported to the PHP bug tracker. As the upstream bug report was detailed, I first attempted to replicate the bug in the same way as described in the bug report. It turns out that the gcc in wheezy does not support address sanitizer and that the ICU and PHP from wheezy won't build with clang, so I embarked on a rather frustrating journey to finally strike the correct combination: build on jessie, ICU from wheezy (of course), and PHP from sid (I had to patch out the fix that was implemented in PHP to unmask the bug in ICU). Once I figured that out, I was able to reliably reproduce the buffer overflow. After that I found the related fix in the upstream source repository and then I had to backport the fix (the affected file transitioned from C to C++ some time ago so I could not simply take upstream's patch). I was able to incorporate an upstream update to the related unit test and between that and the address sanitizer check I am confident that the fix I implented is correct. Remaining items to complete this task: - Build/sign/upload package - Publish DLA I apologize if the description was a bit too lengthy, but given the amount of time I spent on a single task I thought it worthwhile to explain with a bit of detail. Regards, -Roberto -- Roberto C. Sánchez
