Bug 1078679 (CVE-2017-15698)

Summary: VUL-1: CVE-2017-15698: libtcnative-1-0: tomcat-native: Mishandling of client certificates can allow for OCSP check bypass
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Matei Albu <malbu>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: karol, malbu, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/199259/
Whiteboard: CVSSv3:SUSE:CVE-2017-15698:5.4:(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2018-02-01 06:08:14 UTC
rh#1540824

When parsing the AIA-Extension field of a client certificate, Apache Tomcat
Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle
fields longer than 127 bytes. The result of the parsing error was to skip the
OCSP check. It was therefore possible for client certificates that should have
been rejected (if the OCSP check had been made) to be accepted. Users not using
OCSP checks are not affected by this vulnerability.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1540824
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15698
https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
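
127 is the largest length DER can encode in a single length octet; longer values use the long form (0x81, 0x82, ... followed by the length octets). As an added example, not tomcat-native's code and not part of this report: a length decoder that handles both forms, plus a fail-closed OCSP decision. It assumes the input is only the [6] uniformResourceIdentifier element (tag 0x86) of the AIA extension; `uri_span`, `ocsp_decide` and `roundtrip` are hypothetical names, and rejecting on a parse failure is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode the DER length at buf[*pos]. Returns 0 on success, -1 if malformed. */
static int der_length(const uint8_t *buf, size_t buflen, size_t *pos, size_t *len)
{
    if (*pos >= buflen) return -1;
    uint8_t first = buf[(*pos)++];
    if (!(first & 0x80)) {                  /* short form: length 0..127 */
        *len = first;
    } else {                                /* long form: low 7 bits = octet count */
        size_t n = first & 0x7f, v = 0;
        if (n == 0 || n > sizeof(size_t) || n > buflen - *pos) return -1;
        if (buf[*pos] == 0) return -1;      /* DER forbids a leading zero octet */
        while (n--) v = (v << 8) | buf[(*pos)++];
        if (v < 128) return -1;             /* DER requires short form here */
        *len = v;
    }
    return (*len <= buflen - *pos) ? 0 : -1;    /* value must fit in the buffer */
}

/* Returns the URI length of a tag-0x86 TLV (offset in *off), or -1 on error. */
long uri_span(const uint8_t *buf, size_t buflen, size_t *off)
{
    size_t pos = 1, len = 0;
    if (buflen < 2 || buf[0] != 0x86) return -1;
    if (der_length(buf, buflen, &pos, &len) != 0) return -1;
    if (off) *off = pos;
    return (long)len;
}

enum ocsp_action { OCSP_QUERY_RESPONDER, OCSP_REJECT_CERT };
/* Assumed policy: an unparsable or empty responder URI rejects the certificate. */
enum ocsp_action ocsp_decide(const uint8_t *buf, size_t buflen)
{
    return uri_span(buf, buflen, NULL) > 0 ? OCSP_QUERY_RESPONDER : OCSP_REJECT_CERT;
}

/* Constructed sample: encode a uri_len-byte URI (max 255) and decode it again. */
long roundtrip(size_t uri_len)
{
    uint8_t buf[3 + 255] = { 0x86 };
    size_t hdr = uri_len < 128 ? 2 : 3;
    if (uri_len > 255) return -1;
    if (hdr == 3) buf[1] = 0x81;
    buf[hdr - 1] = (uint8_t)uri_len;
    memset(buf + hdr, 'a', uri_len);
    return uri_span(buf, hdr + uri_len, NULL);
}
```
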
Comment 5 Karol Babioch 2018-12-21 10:09:31 UTC
Another ping, since the running update is still stopped and waiting for this fix.
Comment 7 Swamp Workflow Management 2019-04-09 13:10:51 UTC
SUSE-SU-2019:14014-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1078679,1103347,1103348
CVE References: CVE-2017-15698,CVE-2018-8019,CVE-2018-8020
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libtcnative-1-0-1.3.4-12.5.5.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    libtcnative-1-0-1.3.4-12.5.5.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 8 Marcus Meissner 2019-06-06 11:45:14 UTC
done