OpenSSL site-wide compression disable tracking bug

Bug #1187195 reported by Seth Arnold
Affects            Status        Importance   Assigned to   Milestone
openssl (Ubuntu)   Fix Released  Undecided    Unassigned
  Lucid            Fix Released  Undecided    Unassigned
  Precise          Fix Released  Undecided    Unassigned
  Quantal          Fix Released  Undecided    Unassigned
  Raring           Fix Released  Undecided    Unassigned
  Saucy            Fix Released  Undecided    Unassigned

Bug Description

This bug is a tracking bug for OpenSSL patches that introduce a new environment variable OPENSSL_DEFAULT_ZLIB that is necessary for re-enabling compression on a per-application basis.

Many applications, such as Apache Webserver, Qt's wrappers, and others, provide controls that can be used to configure if compression is required, allowed, or forbidden.

This bug tracks an update to include a patch from Fedora, http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch , that will disable OpenSSL's automatic compression for all programs that do not have the OPENSSL_DEFAULT_ZLIB environment variable defined. (Value does not matter.) This is necessary because some programs, e.g. Postfix, do not have controls exposed to disable compression.

I do not know if the compression-related SSL attacks even make sense for SMTP, but some PCI-DSS auditors are flagging Postfix configurations with this flaw. It is safer to turn off compression everywhere it is not necessary.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Pocket copied openssl to proposed.

Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.

Thank you in advance!

tags: added: verification-needed
Changed in openssl (Ubuntu Saucy):
status: New → Fix Committed
Changed in openssl (Ubuntu Raring):
status: New → Fix Committed
Changed in openssl (Ubuntu Quantal):
status: New → Fix Committed
Changed in openssl (Ubuntu Precise):
status: New → Fix Committed
Changed in openssl (Ubuntu Lucid):
status: New → Fix Committed
Revision history for this message
Seth Arnold (seth-arnold) wrote :

To test this modification, I extended the Ubuntu Security Team's QRT testcase for OpenSSL to run through the entire test suite twice -- once with compression enabled, once with compression disabled, and verify that compression has been enabled or disabled where appropriate. These modifications can be found here: http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/revision/1931

Because the 10.04 LTS Python test suite will exit when the test suite is over, I special-cased that distribution to run only the tests with compression enabled. I don't foresee this being a problem, and the modification to run the other set of tests would be readily visible for future updates.

I ran this test suite on all five currently supported distributions: 10.04 LTS, 12.04 LTS, 12.10, 13.04, and Saucy, on KVM VMs running both i386 and AMD64.

Thus, I'd like testing from the larger community to determine if this is suitable for the distribution. Cases when users will need to manually enable compression for compatibility reasons are likely low, as Fedora has shipped with this modification for several months.

I want to know which services do not work 'out of the box' before shipping this update to the larger Ubuntu community.

Thanks.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

To ubuntu-sru: if this passes the verification process, please ping the security team (sarnold). Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1e-2ubuntu1.1

---------------
openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:14:05 -0700

Changed in openssl (Ubuntu Saucy):
status: Fix Committed → Fix Released
Revision history for this message
Theodotos Andreou (theodotos) wrote :

Guys I have also failed the PCI test on my SSL enabled postfix and dovecot.

I run TestSSLServer and it says:

CRIME status: vulnerable

I am using Ubuntu 12.04.2 LTS (precise) 64 bit and my openssl version is 1.0.1-4ubuntu5.9.

Is this backported to precise? What is the easiest way to be protected against it? Does the OPENSSL_DEFAULT_ZLIB env variable work on my version?

Revision history for this message
Simon Déziel (sdeziel) wrote :

@Theodotos, there is a package on its way for Precise (http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1-4ubuntu5.10/changelog). You can deploy it now by enabling the precise-proposed repo, but it should hit the regular repos soonish as it was published on June 3rd.

Revision history for this message
Theodotos Andreou (theodotos) wrote :

OK, I enabled the proposed repo and now I got the updated version:

# aptitude show openssl | grep -i version
Version: 1.0.1-4ubuntu5.10

But running TestSSLServer against my dovecot pop3s (port 995) I still get that the system is vulnerable to CRIME.

Compression is supposed to be disabled by default and only enabled when you use the OPENSSL_DEFAULT_ZLIB environment variable right?
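What a checker such as TestSSLServer reports as "CRIME status" comes down to the compression_method byte the server selects in its ServerHello: 0x00 (null) means no TLS-level compression, 0x01 means DEFLATE. The following added example (not part of this bug report or of the openssl package) parses that byte out of a captured ServerHello record; the two sample records it checks are constructed inline rather than captured from a real server.

```python
import struct

# TLS compression_method values (RFC 5246 section 7.4.1.2, RFC 3749, RFC 3943)
COMPRESSION_METHODS = {0x00: "null", 0x01: "DEFLATE", 0x40: "LZS"}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello and return the
    negotiated protocol version, cipher suite and compression method."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 2 + 32 + 1:
        raise ValueError("ServerHello truncated")
    version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                        # skip server_version and random
    sid_len = hello[pos]
    pos += 1 + sid_len                  # skip session_id
    if len(hello) < pos + 3:
        raise ValueError("ServerHello truncated")
    cipher = struct.unpack("!H", hello[pos:pos + 2])[0]
    comp = hello[pos + 2]
    return {
        "version": version,
        "cipher_suite": cipher,
        "compression": COMPRESSION_METHODS.get(comp, "unknown(0x%02x)" % comp),
        "compression_enabled": comp != 0x00,
    }

def build_server_hello(compression: int) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, empty session id,
    TLS_RSA_WITH_AES_128_CBC_SHA (0x002f), given compression method."""
    hello = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x2f" + bytes([compression])
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

def crime_status(record: bytes) -> str:
    """Same verdict wording as the TestSSLServer output quoted above."""
    info = parse_server_hello(record)
    return "vulnerable" if info["compression_enabled"] else "not vulnerable"

if __name__ == "__main__":
    for method in (0x01, 0x00):
        print("CRIME status:", crime_status(build_server_hello(method)))
```

Remember that a verdict only reflects the library the service actually loaded: a process still linked against the old libssl (the situation in the next comment) keeps negotiating DEFLATE until it is restarted on the updated package.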

Revision history for this message
Theodotos Andreou (theodotos) wrote :

False alarm. I updated openssl but not libssl. Works now. Thanks Simon!

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Theodotos, thanks for the feedback. Please also let us know if you need to set the environment variable for any services, I'd really like to know if there are any services that require compression.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.10

---------------
openssl (1.0.1-4ubuntu5.10) precise-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:18 -0700

Changed in openssl (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8k-7ubuntu8.15

---------------
openssl (0.9.8k-7ubuntu8.15) lucid-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 20:37:34 -0700

Changed in openssl (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.5

---------------
openssl (1.0.1c-3ubuntu2.5) quantal-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:33 -0700

Changed in openssl (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1c-4ubuntu8.1

---------------
openssl (1.0.1c-4ubuntu8.1) raring-security; urgency=low

  * SECURITY UPDATE: Disable compression to avoid CRIME systemwide
    (LP: #1187195)
    - CVE-2012-4929
    - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
      zlib to compress SSL/TLS unless the environment variable
      OPENSSL_DEFAULT_ZLIB is set in the environment during library
      initialization.
    - Introduced to assist with programs not yet updated to provide their own
      controls on compression, such as Postfix
    - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
 -- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:47 -0700

Changed in openssl (Ubuntu Raring):
status: Fix Committed → Fix Released
tags: added: verification-done
removed: verification-needed