Ubuntu
openssl package

openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST

Bug #1329297 reported by Jouni Malinen on 2014-06-12

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Fix Released	Undecided	Marc Deslauriers
	Lucid	Invalid	Undecided	Marc Deslauriers
	Precise	Fix Released	Undecided	Marc Deslauriers
	Saucy	Fix Released	Undecided	Marc Deslauriers
	Trusty	Fix Released	Undecided	Marc Deslauriers
	Utopic	Fix Released	Undecided	Marc Deslauriers

Bug Description

The recently introduced openssl update to fix the CVE-2014-0224 vulnerability missed one code path where ChangeCipherSpec needs to be allowed. tls_session_secret_cb configured the key and needs to allow CCS message. The current Ubuntu package breaks programs that use that API, e.g., wpa_supplicant and EAP-FAST.

The upstream fix for the issue:

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6;hp=c43a55407dccc6902058184d7dd0bd111fe6a61e

Upstream report and discussion related to the issue:

http://openssl.6102.n7.nabble.com/OpenSSL-1-0-1h-issue-with-EAP-FAST-session-resumption-td50696.html

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.2
ProcVersionSignature: Ubuntu 3.13.0-29.53-generic 3.13.11.2
Uname: Linux 3.13.0-29-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Jun 12 14:54:57 2014
InstallationDate: Installed on 2014-04-17 (55 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Related branches

lp:ubuntu/utopic-proposed/openssl

lp:ubuntu/precise-security/openssl

lp:ubuntu/saucy-security/openssl

lp:ubuntu/trusty-security/openssl

CVE References

2014-0224

Revision history for this message

Jouni Malinen (jkmaline) wrote on 2014-06-12:

#1

Dependencies.txt Edit (733 bytes, text/plain; charset="utf-8")
ProcEnviron.txt Edit (316 bytes, text/plain; charset="utf-8")

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-06-12:

#2

Thanks for reporting this!

Changed in openssl (Ubuntu Lucid):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Trusty):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Saucy):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Precise):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Utopic):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Lucid):
status:	New → Confirmed
Changed in openssl (Ubuntu Precise):
status:	New → Confirmed
Changed in openssl (Ubuntu Saucy):
status:	New → Confirmed
Changed in openssl (Ubuntu Trusty):
status:	New → Confirmed
Changed in openssl (Ubuntu Utopic):
status:	New → Confirmed

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-06-12:

#3

1.0.1 commit:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d4d2e02eb55f3a03e2a8e39b723b2a2ba436584

0.9.8 is not affected.

Changed in openssl (Ubuntu Lucid):
status:	Confirmed → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-12:

#4

This bug was fixed in the package openssl - 1.0.1f-1ubuntu5

---------------
openssl (1.0.1f-1ubuntu5) utopic; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:23:12 -0400

Changed in openssl (Ubuntu Utopic):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-12:

#5

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.15

---------------
openssl (1.0.1-4ubuntu5.15) precise-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:30:56 -0400

Changed in openssl (Ubuntu Precise):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-12:

#6

This bug was fixed in the package openssl - 1.0.1e-3ubuntu1.5

---------------
openssl (1.0.1e-3ubuntu1.5) saucy-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:30:03 -0400

Changed in openssl (Ubuntu Saucy):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-12:

#7

This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.3

---------------
openssl (1.0.1f-1ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:29:16 -0400

Changed in openssl (Ubuntu Trusty):
status:	Confirmed → Fix Released

Revision history for this message

Jouni Malinen (jkmaline) wrote on 2014-06-12:

#8

Thanks! Would not have believed this could get released so quickly :-)

Revision history for this message

Robert E. (resans) wrote on 2014-06-17:

#9

Hi,

I'm not sure if this is the correct forum for this question, but this issue seems to have been posted as a security problem ("USN-2232-2: OpenSSL regression"). It looks like this is just a functional issue. Can anyone clarify if this is a security issue, and if so, what the implications are?

Thanks

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-06-17:

#10

USN-2232-1 is a security fix
USN-2232-2 is a regression fix for USN-2232-1 that has no security impact

Revision history for this message

Jouni Malinen (jkmaline) wrote on 2014-06-17:

#11

I agree with this not being an independent security issue. There is a (mostly theoretical) potential security impact based on how applications or users react to the case where session ticket unexpectedly cannot be used. That could, at least in theory, result in trying the authentication handshake again with reduced security (e.g., EAP-FAST anonymous provisioning) even when there would be a valid session ticket still available. I don't think this would really result in practical security issues, i.e., the impact is in previously working functionality not working anymore and connections not being established. That said, it is useful to get this regression addressed in a way that makes it more likely for devices to get the update since the regression was caused by a high priority security fix that was likely applied to most devices immediately.

Revision history for this message

Robert E. (resans) wrote on 2014-06-18:

#12

Thanks for the replies and clarification. That helps!

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.