Bug 912296 (CVE-2014-3570)

Summary: VUL-0: CVE-2014-3570: openssl: Bignum squaring may produce incorrect results
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: vcizek
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:running:60183:moderate maint:released:sle10-sp3-manager:60259 maint:released:sle10-sp4:60258 maint:released:sle11-sp2:60186 maint:released:sle11-sp1:60185 maint:released:sle10-sp3:60344 maint:released:sle11-sp3:60187 maint:released:sle11-sp3:60193 maint:released:sle10-sp4:60346 maint:released:sle11-sp1:60343 maint:running:61113:important maint:released:sle11-sp2:61230
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2015-01-08 15:48:48 UTC
commit e078642ddea29bbb6ba29788a6a513796387fbbb
Author: Andy Polyakov <appro@openssl.org>
Date:   Mon Jan 5 14:52:56 2015 +0100

    Fix for CVE-2014-3570.
    
    Reviewed-by: Emilia Kasper <emilia@openssl.org>
    (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
    (with 1.0.1-specific addendum)

(something with bignums, commit e793809ba50c1e90ab592fb640a856168e50f3de is not yet in repo.)
Comment 1 Marcus Meissner 2015-01-08 15:52:59 UTC
0.9.8 has

commit 4b4c0a19211bf73d81de52de697a1a9dc60aed82
Author: Andy Polyakov <appro@openssl.org>
Date:   Mon Jan 5 14:52:56 2015 +0100

    Fix for CVE-2014-3570.
    
    Reviewed-by: Emilia Kasper <emilia@openssl.org>
    (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
Comment 2 Marcus Meissner 2015-01-08 16:04:50 UTC
http://openssl.org/news/secadv_20150108.txt


Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================

Severity: Low

Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:

*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.

[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Comment 3 Swamp Workflow Management 2015-01-08 23:01:16 UTC
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2015-01-09 12:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (912296) was mentioned in
https://build.opensuse.org/request/show/280570 Factory / openssl
Comment 13 Swamp Workflow Management 2015-01-23 19:06:24 UTC
openSUSE-SU-2015:0130-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 911399,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3569,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.16.2
openSUSE 13.1 (src):    openssl-1.0.1k-11.64.2
Comment 15 Swamp Workflow Management 2015-01-29 00:07:21 UTC
SUSE-SU-2015:0166-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SLE CLIENT TOOLS 10 for x86_64 (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 for s390x (src):    openssl-0.9.8a-18.88.1
SLE CLIENT TOOLS 10 (src):    openssl-0.9.8a-18.88.1
Comment 16 Swamp Workflow Management 2015-01-29 06:06:29 UTC
SUSE-SU-2015:0172-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.68.1
SUSE Manager 1.7 for SLE 11 SP2 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.88.1
Comment 17 Swamp Workflow Management 2015-01-31 02:06:50 UTC
SUSE-SU-2015:0172-2: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP3 (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    openssl-0.9.8j-0.68.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    openssl-0.9.8j-0.68.1
Comment 18 Swamp Workflow Management 2015-01-31 05:07:14 UTC
SUSE-SU-2015:0181-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 906878,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Security Module 11 SP3 (src):    openssl1-1.0.1g-0.24.1
Comment 19 Swamp Workflow Management 2015-01-31 06:06:40 UTC
SUSE-SU-2015:0182-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912296
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    compat-openssl097g-0.9.7g-13.27.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    compat-openssl097g-0.9.7g-146.22.27.1
SLES for SAP Applications (src):    compat-openssl097g-0.9.7g-146.22.27.1
Comment 20 Marcus Meissner 2015-02-03 16:38:09 UTC
released
Comment 21 Swamp Workflow Management 2015-02-03 17:12:04 UTC
SUSE-SU-2015:0205-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 855676,895129,901902,906878,908362,908372,912014,912015,912018,912292,912293,912294,912296
CVE References: CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-17.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-17.1
Comment 22 Swamp Workflow Management 2015-02-17 15:06:40 UTC
SUSE-SU-2015:0305-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 892403,912014,912015,912018,912293,912294,912296
CVE References: CVE-2014-0224,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-70.2
SUSE Linux Enterprise Desktop 12 (src):    compat-openssl098-0.9.8j-70.2
Comment 23 Swamp Workflow Management 2015-02-23 18:06:08 UTC
SUSE-SU-2015:0182-2: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 912014,912015,912018,912293,912296
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8275,CVE-2015-0204,CVE-2015-0205
Sources used:
SUSE Linux Enterprise for SAP Applications 11 SP1 (src):    compat-openssl097g-0.9.7g-146.22.27.1
Comment 24 Swamp Workflow Management 2015-03-23 23:07:20 UTC
SUSE-SU-2015:0578-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 802184,880891,890764,901223,901277,905106,912014,912015,912018,912293,912296,920236,922488,922496,922499,922500,922501
CVE References: 
Sources used:
SUSE Linux Enterprise for SAP Applications 11 SP2 (src):    compat-openssl097g-0.9.7g-146.22.29.1
Comment 25 Swamp Workflow Management 2015-07-22 13:08:37 UTC
openSUSE-SU-2015:1277-1: An update that solves 16 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 912015,912018,912292,912293,912296,919648,920236,922496,922499,922500,931600,934487,934489,934491,934493,934494,937891
CVE References: CVE-2014-3570,CVE-2014-3572,CVE-2014-8176,CVE-2014-8275,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1792,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    libressl-2.2.1-2.3.1
Comment 27 Swamp Workflow Management 2022-02-16 21:17:10 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.