Bug 959888

Summary: VUL-0: CVE-2015-7575: mozilla-nss: TLS 1.2 RSA-MD5 downgrade attack (SLOTH)
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: astieger, jsegitz, pcerny, smash_bz, wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2015-7575:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) maint:released:sle10-sp3:62400 maint:running:62384:moderate
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 960996    
Deadline: 2016-01-06   
Attachments: CVE-2015-7575.patch

Comment 1 Swamp Workflow Management 2015-12-21 23:00:14 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2015-12-23 10:28:53 UTC 
Created attachment 660286 [details]
CVE-2015-7575.patch
Comment 4 Andreas Stieger 2015-12-23 10:33:30 UTC 
On openSUSE, affects all releases (3.20.1), target version is 3.20.2.
Comment 5 SMASH SMASH 2015-12-23 10:51:34 UTC 
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Jan. 6, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/121199/.
Comment 6 SMASH SMASH 2015-12-23 10:52:57 UTC 
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Jan. 6, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/121200/.
Comment 7 SMASH SMASH 2015-12-23 10:55:00 UTC 
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Jan. 6, 2016".

When done, reassign the bug to "security-team@suse.de".
/update/121201/.
Comment 8 Swamp Workflow Management 2015-12-23 10:55:45 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-01-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62383
Comment 9 Swamp Workflow Management 2015-12-23 10:56:02 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-01-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62384
Comment 10 Bernhard Wiedemann 2015-12-23 13:00:17 UTC 
This is an autogenerated message for OBS integration:
This bug (959888) was mentioned in
https://build.opensuse.org/request/show/350520 Factory / mozilla-nss
Comment 11 Wolfgang Rosenauer 2015-12-26 07:23:17 UTC 
I think this has been published now:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
Comment 12 Bernhard Wiedemann 2015-12-26 08:00:25 UTC 
This is an autogenerated message for OBS integration:
This bug (959888) was mentioned in
https://build.opensuse.org/request/show/350831 42.1 / mozilla-nss
https://build.opensuse.org/request/show/350832 13.2 / mozilla-nss
https://build.opensuse.org/request/show/350833 13.1 / mozilla-nss
Comment 13 Andreas Stieger 2015-12-26 09:30:17 UTC 
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2. 

https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
Comment 15 Andreas Stieger 2015-12-26 12:05:16 UTC 
While the MFSA has been retracted, it's text/subject and CVE number can be considered public (e.g. through Google cache). Also the upstream code release is released. We will handle accordingly in both SLE and openSUSE where we decide to release the full upstream version.
Comment 19 Swamp Workflow Management 2015-12-31 18:13:42 UTC 
openSUSE-SU-2015:2405-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 959888
CVE References: CVE-2015-7575
Sources used:
openSUSE Leap 42.1 (src):    mozilla-nss-3.20.2-6.1
openSUSE 13.2 (src):    mozilla-nss-3.20.2-22.1
openSUSE 13.1 (src):    mozilla-nss-3.20.2-65.1
Comment 20 Swamp Workflow Management 2016-01-03 21:49:16 UTC 
openSUSE-SU-2016:0007-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 959888
CVE References: CVE-2015-7575
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-43.0.3-9.2
openSUSE 13.2 (src):    MozillaFirefox-43.0.3-56.1
openSUSE 13.1 (src):    MozillaFirefox-43.0.3-100.1
Comment 21 Andreas Stieger 2016-01-06 17:33:19 UTC 
http://www.mitls.org/pages/attacks/SLOTH
SLOTH - Security Losses from Obsolete and Truncated Transcript Hashes

Technical Paper: Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH, Karthikeyan Bhargavan and Gaetan Leurent, Network and Distributed System Security Symposium (NDSS 2016)
http://www.mitls.org/downloads/transcript-collisions.pdf

CVE-2015-7575 "assigned protocol level CVE"
Comment 22 Johannes Segitz 2016-01-07 13:32:25 UTC 
Removed alias to use it on tracker bug for SLOTH
Comment 23 Swamp Workflow Management 2016-01-18 13:12:32 UTC 
SUSE-SU-2016:0149-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 959888
CVE References: CVE-2015-7575
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    mozilla-nss-3.19.2.2-32.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mozilla-nss-3.19.2.2-32.1
SUSE Linux Enterprise Server 12-SP1 (src):    mozilla-nss-3.19.2.2-32.1
SUSE Linux Enterprise Server 12 (src):    mozilla-nss-3.19.2.2-32.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    mozilla-nss-3.19.2.2-32.1
SUSE Linux Enterprise Desktop 12 (src):    mozilla-nss-3.19.2.2-32.1
Comment 24 Swamp Workflow Management 2016-01-21 16:14:08 UTC 
SUSE-SU-2016:0189-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 959888
CVE References: CVE-2015-7575
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Server 11-SP4 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Server 11-SP3 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mozilla-nss-3.19.2.2-22.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    mozilla-nss-3.19.2.2-22.1
Comment 25 Andreas Stieger 2016-01-21 16:19:25 UTC 
All done
Comment 26 Swamp Workflow Management 2016-02-25 19:13:30 UTC 
SUSE-SU-2016:0584-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 954447,959888,963520,963632,963635,963731,967087
CVE References: CVE-2015-7575,CVE-2016-1523,CVE-2016-1930,CVE-2016-1935,CVE-2016-1938
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-38.6.1esr-33.1, MozillaFirefox-branding-SLED-38-15.58, mozilla-nss-3.20.2-17.5
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-38.6.1esr-33.1, mozilla-nss-3.20.2-17.5