Bug 1217277 (CVE-2023-5981)

Summary:	VUL-0: CVE-2023-5981: gnutls: side channel attack in RSA-PSK
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Pedro Monreal Gonzalez <pmonrealgonzalez>
Status:	IN_PROGRESS ---	QA Contact:	Security Team bot <security-team>
Severity:	Major
Priority:	P3 - Medium	CC:	meissner, otto.hollmann, pmonrealgonzalez
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/385552/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-5981:5.9:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2023-11-17 10:28:45 UTC

https://gitlab.com/gnutls/gnutls/-/commit/bc09ff9e5167586bbd6998591feef29973ea0ba1

* Version 3.8.2 (released 2023-11-14)

** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
   [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]

Comment 1 Marcus Meissner 2023-11-17 10:29:20 UTC

https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext processing is affected. The issue was reported in the issue tracker as #1511.

Comment 2 Marcus Meissner 2023-11-17 10:31:11 UTC

https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d

Comment 3 Pedro Monreal Gonzalez 2023-11-17 11:46:11 UTC

Factory submission: https://build.opensuse.org/request/show/1127286

Comment 5 Maintenance Automation 2023-12-21 16:30:08 UTC

SUSE-SU-2023:4952-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1208143, 1217277
CVE References: CVE-2023-0361, CVE-2023-5981
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): gnutls-3.6.7-150000.6.50.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): gnutls-3.6.7-150000.6.50.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): gnutls-3.6.7-150000.6.50.1
SUSE CaaS Platform 4.0 (src): gnutls-3.6.7-150000.6.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Maintenance Automation 2023-12-28 16:30:07 UTC

SUSE-SU-2023:4986-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1217277
CVE References: CVE-2023-5981
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): gnutls-3.6.7-150200.14.28.1
SUSE Enterprise Storage 7.1 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Micro 5.1 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Micro 5.2 (src): gnutls-3.6.7-150200.14.28.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): gnutls-3.6.7-150200.14.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Maintenance Automation 2023-12-28 16:30:13 UTC

SUSE-SU-2023:4983-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1217277
CVE References: CVE-2023-5981
Sources used:
openSUSE Leap 15.4 (src): gnutls-3.7.3-150400.4.38.1
openSUSE Leap Micro 5.4 (src): gnutls-3.7.3-150400.4.38.1
openSUSE Leap 15.5 (src): gnutls-3.7.3-150400.4.38.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): gnutls-3.7.3-150400.4.38.1
SUSE Linux Enterprise Micro 5.4 (src): gnutls-3.7.3-150400.4.38.1
SUSE Linux Enterprise Micro 5.5 (src): gnutls-3.7.3-150400.4.38.1
Basesystem Module 15-SP4 (src): gnutls-3.7.3-150400.4.38.1
Basesystem Module 15-SP5 (src): gnutls-3.7.3-150400.4.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Pedro Monreal Gonzalez 2024-02-21 08:45:46 UTC

To fix this potential side channel attack in older versions, we need to back port the function gnutls_privkey_decrypt_data2(), which was added in gnutls version 3.6.5, see [0]. This function requires also a libnettle that implements the function nettle_rsa_sec_decrypt() that was introduced in libnettle 3.4.1, see [1].

None of these functions are implemented in codestreams older than SLE-15 so a complete fix for SLE-12* codestreams would need to include several functions in both gnutls and libnettle.

Please, let me know if we want to do that in SLE-12-SP5 (gnutls 3.4.17 and libnettle 3.1) or if we opt for a wontfix here.

TIA

[0] https://gitlab.com/gnutls/gnutls/-/commit/4804febd
[1] https://gitlab.com/gnutls/nettle/-/commit/bfda54ee

Comment 13 Marcus Meissner 2024-02-22 08:55:50 UTC

The patchsize seems managable, so I would try for a backport of this new functionality.

Comment 14 Pedro Monreal Gonzalez 2024-04-05 14:12:41 UTC

(In reply to Marcus Meissner from comment #13)
> The patchsize seems managable, so I would try for a backport of this new
> functionality.

The required code changes in gnutls also require the side-channel functionality to be backported in nettle and gmp from newer version. I tried to list the minimal changes but I lost track of the large amount of changes. I could try adding the functionality to gnutls, nettle and gmp but that would require a lot of time/work. Those versions do not have much of the required side-channel protections.

Please, advise here. TIA

Comment 16 Maintenance Automation 2024-04-09 20:30:12 UTC

SUSE-SU-2024:1179-1: An update that solves four vulnerabilities, contains one feature and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1202146, 1203299, 1203779, 1207183, 1207346, 1208143, 1208146, 1208237, 1209001, 1217277, 1218862, 1218865
CVE References: CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567
Jira References: PED-1562
Maintenance Incident: [SUSE:Maintenance:33235](https://smelt.suse.de/incident/33235/)
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 gnutls-3.7.3-150400.1.3.1
SUSE Linux Enterprise Micro 5.3 (src):
 gnutls-3.7.3-150400.1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.