Bug 1087102 – VUL-0: CVE-2018-0739: openssl1,openssl,compat-openssl097g,compat-openssl098: Limit ASN.1 constructed types recursive definition depth

Bug 1087102 - (CVE-2018-0739) VUL-0: CVE-2018-0739: openssl1,openssl,compat-openssl097g,compat-openssl098: Limit ASN.1 constructed types recursive definition depth

(CVE-2018-0739)
Summary:	VUL-0: CVE-2018-0739: openssl1,openssl,compat-openssl097g,compat-openssl098: ...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/202783/
Whiteboard:	CVSSv3:SUSE:CVE-2018-0732:5.3:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-03-27 14:10 UTC by Marcus Meissner
Modified:	2022-04-11 13:29 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-03-27 14:10:49 UTC

CVE-2018-0739


commit 9310d45087ae546e27e61ddf8f6367f29848220d                                                                                                                                              Author: Matt Caswell <matt@openssl.org>                                                                                                                                                      
Date:   Thu Mar 22 10:05:40 2018 +0000                                                                                                                                                       
                                                                                                                                                                                             
    Limit ASN.1 constructed types recursive definition depth                                                                                                                                 
                                                                                                                                                                                             
    Constructed types with a recursive definition (such as can be found in                                                                                                                   
    PKCS7) could eventually exceed the stack given malicious input with                                                                                                                      
    excessive recursion. Therefore we limit the stack depth.                                                                                                                                 
                                                                                                                                                                                             
    CVE-2018-0739                                                                                                                                                                            
                                                                                                                                                                                             
    Credit to OSSFuzz for finding this issue.                                                                                                                                                
                                                                                                                                                                                             
    Reviewed-by: Rich Salz <rsalz@openssl.org>                                                                                                                                               

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0739

Comment 1 Marcus Meissner 2018-03-27 14:12:55 UTC

https://www.openssl.org/news/secadv/20180327.txt


Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
==========================================================================================

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.

OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o

This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
The fix was developed by Matt Caswell of the OpenSSL development team.

Comment 6 Vítězslav Čížek 2018-03-28 15:58:43 UTC

All submitted.

Comment 7 Swamp Workflow Management 2018-04-09 01:08:56 UTC

SUSE-SU-2018:0902-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
SUSE OpenStack Cloud 6 (src):    openssl-1.0.1i-54.11.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssl-1.0.1i-54.11.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssl-1.0.1i-54.11.1

Comment 8 Swamp Workflow Management 2018-04-10 01:07:29 UTC

SUSE-SU-2018:0905-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.58.9.1

Comment 9 Swamp Workflow Management 2018-04-10 01:08:00 UTC

SUSE-SU-2018:0906-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    openssl-1.0.1i-27.31.1

Comment 10 Swamp Workflow Management 2018-04-11 19:08:36 UTC

SUSE-SU-2018:0925-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Server 12-SP3 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Server 12-SP2 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssl-1.0.2j-60.24.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    openssl-1.0.2j-60.24.1
SUSE CaaS Platform ALL (src):    openssl-1.0.2j-60.24.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssl-1.0.2j-60.24.1

Comment 11 Swamp Workflow Management 2018-04-12 22:08:37 UTC

openSUSE-SU-2018:0936-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
openSUSE Leap 42.3 (src):    openssl-1.0.2j-19.1

Comment 12 Swamp Workflow Management 2018-04-18 10:14:28 UTC

SUSE-SU-2018:0975-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1087102
CVE References: CVE-2018-0739
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.106.9.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.106.9.1
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.106.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.106.9.1

Comment 13 Swamp Workflow Management 2018-05-02 10:00:24 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-05-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64026

Comment 17 Swamp Workflow Management 2018-07-31 20:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1087102) was mentioned in
https://build.opensuse.org/request/show/626778 42.3 / mysql-community-server

Comment 18 Swamp Workflow Management 2018-08-10 01:13:52 UTC

openSUSE-SU-2018:2293-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1087102,1088681,1101676,1101678,1101679,1101680,1103342,1103344
CVE References: CVE-2018-0739,CVE-2018-2767,CVE-2018-3058,CVE-2018-3062,CVE-2018-3064,CVE-2018-3066,CVE-2018-3070,CVE-2018-3081
Sources used:
openSUSE Leap 42.3 (src):    mysql-community-server-5.6.41-39.1

Comment 21 Swamp Workflow Management 2018-08-15 07:26:21 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64102

Comment 23 Swamp Workflow Management 2018-08-28 13:08:29 UTC

SUSE-SU-2018:2534-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1065363,1087102,1097158
CVE References: CVE-2018-0732,CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server for SAP 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.51.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.51.5.1

Comment 24 Swamp Workflow Management 2018-09-10 19:14:39 UTC

SUSE-SU-2018:2683-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1087102,1089039,1097158,1097624,1098592
CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    compat-openssl098-0.9.8j-106.6.1

Comment 25 Swamp Workflow Management 2018-09-12 10:09:53 UTC

openSUSE-SU-2018:2695-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1087102,1089039,1097158,1097624,1098592
CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739
Sources used:
openSUSE Leap 42.3 (src):    compat-openssl098-0.9.8j-24.1

Comment 30 Swamp Workflow Management 2022-02-16 20:52:30 UTC

SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Gabriele Sonnu 2022-04-11 13:29:43 UTC

Done.