ID

VAR-201811-0912

CVE

CVE-2018-5407

TITLE

OpenSSL Information disclosure vulnerability

DESCRIPTION

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. OpenSSL is an open source general encryption library of the OpenSSL team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2018-325-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. This update fixes a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures, and a side channel attack on DSA signature generation that could allow an attacker to recover the private key. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/): 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 5. For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ovmf security and enhancement update Advisory ID: RHSA-2019:2125-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2125 Issue date: 2019-08-06 CVE Names: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 CVE-2018-5407 CVE-2018-12181 CVE-2019-0160 CVE-2019-0161 ==================================================================== 1. Summary: An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - noarch 3. Description: OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731) * edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732) * edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733) * edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734) * edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735) * edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181) * edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160) * edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: ovmf-20180508-6.gitee3198e672e2.el7.src.rpm noarch: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5731 https://access.redhat.com/security/cve/CVE-2017-5732 https://access.redhat.com/security/cve/CVE-2017-5733 https://access.redhat.com/security/cve/CVE-2017-5734 https://access.redhat.com/security/cve/CVE-2017-5735 https://access.redhat.com/security/cve/CVE-2018-3613 https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/cve/CVE-2018-12181 https://access.redhat.com/security/cve/CVE-2019-0160 https://access.redhat.com/security/cve/CVE-2019-0161 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl2ZNzjgjWX9erEAQhKuA/+O5K7BxvCHuj1pDM/pezYzjBfOcdVKQWz L61IFKCy653XFNrw0fLFh8Er+/vkrlZD93rmGl9JqU4PmaeqO8Tofgw9d3XsuaI6 7hWuhyiYqjzkbRP+XZGQK3B8a8aY4a2uRMjNemo9nMjLTuEpkGWShxo6O0AGPuCG GLhV6PTqAmNaxQSqEIdzzBk/YTVx+/ElEKEAYINfhyFV/KLAJcEso/v9DwA0vRaR J0srktZqKHG0WZ8JUMGBT+iEfwsgWI/oZP2DdcUwALTtS8LiGsY6eUmhR6Hj7BBx DDazP8ihme8q1Z3sTZVb+s2O4/v76bFexY6Q+k5SkS9/Xs8kYan8twTXo+r3d8Hy AJBtCnUS8WQV3mXokvIjPtEWfzomcL0N2RYJlhFMFwO43LLUfBH2k7yq+4qQRPqC KJI/I0lqckFDPJcW1T5CPhzPmixGchWoJpMzxNI4axznXg5SeyEX0Rd2czsuCUA0 wPXmrt6VBpEReROhjY0707Wyaq65BZws9+E7CoXDjvKiobQ/yHUVmv1GdUDeHpH5 dhOU+BMp38VwPORp/hX/cbm+FIZyPZWBKtOF/fuPJ3VV8xKNyGZ4Igcr9AdHT9O+ nHDfz2bu3595ZdZlUMw5wMb3pvtT48dT1NAgwsvTWgts/p9tg/JqoD3DJkHQaDiG bSZXnvoCTGA=vpvG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

information disclosure

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-11T23:12:44.304000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE