Bug 1111634 - (CVE-2018-1000808) VUL-1: CVE-2018-1000808: python-pyOpenSSL: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/216361/
Whiteboard: CVSSv3:SUSE:CVE-2018-1000808:3.7:(AV:...
Reported: 2018-10-12 11:19 UTC by Karol Babioch
Modified: 2022-01-31 16:36 UTC (History)

Found By: Security Response Team
Description Karol Babioch 2018-10-12 11:19:23 UTC
CVE-2018-1000808

Python Cryptographic Authority pyopenssl version before 17.5.0 contains a
CWE-401: Failure to Release Memory Before Removing Last Reference
vulnerability in PKCS #12 Store that can result in denial of service if
memory runs low or is exhausted. This attack appears to be exploitable via:
depends upon calling application; however, it could be as simple as
initiating a TLS connection, or anything that would cause the calling
application to reload certificates from a PKCS #12 store. This
vulnerability appears to have been fixed in 17.5.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000808
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000808.html
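Added example, not part of this report and not pyOpenSSL code: the leak-regression harness one would run against the operation the description points at, repeatedly reloading a PKCS #12 store. Python's tracemalloc does not see memory that libcrypto allocates with its own malloc, so the harness watches the process resident set size (RSS) after a warm-up phase and reports growth per iteration. The two operations measured below are constructed stand-ins, one that keeps a reference forever (the CWE-401 pattern) and one that releases it. With pyOpenSSL installed one would pass the real call instead, e.g. `lambda: OpenSSL.crypto.load_pkcs12(p12_bytes, passphrase)`; that trigger is an assumption, since the report does not name the leaking function.

```python
"""Leak-regression harness for a native-backed operation such as reloading a PKCS#12 store.

Added example, not code from the bug report or from pyOpenSSL. tracemalloc cannot see
allocations made inside libcrypto, so process RSS is measured instead: a constant
per-iteration growth after warm-up is the signature of a CWE-401 leak.
"""
import gc
import os
import resource
import sys
from typing import Callable

KIB = 1024


def rss_kib() -> int:
    """Current resident set size in KiB.

    Reads /proc/self/statm on Linux; elsewhere falls back to peak RSS from getrusage,
    which only grows but still exposes a leak as unbounded growth.
    """
    try:
        with open("/proc/self/statm") as statm:
            resident_pages = int(statm.read().split()[1])
        return resident_pages * os.sysconf("SC_PAGE_SIZE") // KIB
    except (OSError, ValueError, IndexError):
        peak = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
        return peak // KIB if sys.platform == "darwin" else peak  # macOS reports bytes, Linux KiB


def growth_per_iteration_kib(op: Callable[[], None], warmup: int = 50, iterations: int = 400) -> float:
    """Run op() repeatedly and return the average RSS growth per call after warm-up.

    The warm-up absorbs one-off allocations (caches, lazily initialised tables) so that
    only steady-state growth is measured.
    """
    for _ in range(warmup):
        op()
    gc.collect()
    before = rss_kib()
    for _ in range(iterations):
        op()
    gc.collect()
    return (rss_kib() - before) / iterations


def leaks(op: Callable[[], None], threshold_kib: float = 8.0, **kwargs) -> bool:
    """True if op() leaks more than threshold_kib per call on average."""
    return growth_per_iteration_kib(op, **kwargs) > threshold_kib


# --- Constructed stand-ins for the real operation (this file runs without pyOpenSSL) ---
BLOB_SIZE = 64 * KIB          # about the size of a small PKCS#12 bundle with a CA chain
_never_released: list = []    # stands in for the native handle that is never freed


def leaky_reload() -> None:
    """Constructed CWE-401 stand-in: every 'reload' keeps one more buffer alive forever."""
    _never_released.append(b"\xa5" * BLOB_SIZE)


def clean_reload() -> None:
    """Constructed fixed behaviour: the buffer is released when the call returns."""
    _ = len(b"\xa5" * BLOB_SIZE)


if __name__ == "__main__":
    # With pyOpenSSL installed the operation under test would be something like
    #   op = lambda: OpenSSL.crypto.load_pkcs12(p12_bytes, passphrase)
    # (assumed trigger; the report does not name the leaking call).
    for name, op in (("leaky_reload", leaky_reload), ("clean_reload", clean_reload)):
        print(f"{name}: {growth_per_iteration_kib(op):.1f} KiB/iteration, leak={leaks(op)}")
```

The stand-in leaks 64 KiB per call, which is what makes the figure obvious; a real leak of one OpenSSL object per reload is a few KiB at most, so against the library use many more iterations and a lower threshold. Running the same harness against the distribution package before and after the update is the quickest way to confirm that a backport such as the one in this bug actually closes the leak.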
Comment 1 Matej Cepl 2018-10-12 14:22:09 UTC
Fix should be in https://github.com/pyca/pyopenssl/pull/723
Comment 12 Swamp Workflow Management 2018-12-10 17:21:23 UTC
SUSE-SU-2018:4063-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1021578,1111634,1111635
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
SUSE OpenStack Cloud 7 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE OpenStack Cloud 6-LTSS (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP4 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP3 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Module for Containers 12 (src):    python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Enterprise Storage 4 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE CaaS Platform ALL (src):    python-cryptography-1.3.1-7.13.4, python-setuptools-18.0.1-4.8.1
SUSE CaaS Platform 3.0 (src):    python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
OpenStack Cloud Magnum Orchestration 7 (src):    python-cryptography-1.3.1-7.13.4, python-setuptools-18.0.1-4.8.1
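Added example, not SUSE or pyOpenSSL code: deciding from the advisory above whether an installed package carries the fix. The upstream statement "fixed in 17.5.0" is the wrong yardstick here, because SUSE shipped the backport as python-pyOpenSSL-16.0.0-4.11.3, whose upstream version is still 16.0.0; the check has to compare epoch:version-release with rpm's own ordering, which the code below ports (rpmvercmp, including the `~` and `^` rules that matter for strings like `12.0.4~dev5` in the later advisories). The fixed set is copied from the SUSE Linux Enterprise Server 12-SP3 row of SUSE-SU-2018:4063-1; the installed package strings are constructed samples of what `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` prints.

```python
"""Is an installed SUSE package at or above the fixed build from this advisory?

Added example, not SUSE or pyOpenSSL code. Checking the upstream version against
"fixed in 17.5.0" gives the wrong answer on SUSE, which shipped the backport as
python-pyOpenSSL-16.0.0-4.11.3, so the decision is made on epoch:version-release
with rpm's own ordering (rpmvercmp(), ported below).
"""
from itertools import takewhile
from typing import Dict, Optional, Tuple

EVR = Tuple[str, str, str]          # (epoch, version, release)
_DIGITS = "0123456789"
_ALPHA = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _prefix(s: str, pred) -> str:
    """Longest prefix of s whose characters satisfy pred."""
    return "".join(takewhile(pred, s))


def _is_separator(c: str) -> bool:
    """rpm treats every character that is not alphanumeric, '~' or '^' as a separator."""
    return c not in _DIGITS + _ALPHA + "~^"


def rpmvercmp(a: str, b: str) -> int:
    """rpm's ordering, -1/0/1: digit runs compare numerically, letter runs as strings,
    digits beat letters, '~' sorts below everything (1.0~rc1 < 1.0) and '^' above the
    bare version but below any further segment (1.0 < 1.0^git1 < 1.0.1)."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = one[len(_prefix(one, _is_separator)):], two[len(_prefix(two, _is_separator)):]
        if one.startswith("~") or two.startswith("~"):
            if not (one.startswith("~") and two.startswith("~")):   # only one side has it: that side is lower
                return 1 if two.startswith("~") else -1
            one, two = one[1:], two[1:]
            continue
        if one.startswith("^") or two.startswith("^"):
            if not one or not two:                                    # string ended: the base version is lower
                return -1 if not one else 1
            if not (one.startswith("^") and two.startswith("^")):
                return 1 if two.startswith("^") else -1
            one, two = one[1:], two[1:]
            continue
        if not one or not two:
            break
        numeric = one[0] in _DIGITS
        alphabet = _DIGITS if numeric else _ALPHA
        seg1, seg2 = _prefix(one, alphabet.__contains__), _prefix(two, alphabet.__contains__)
        one, two = one[len(seg1):], two[len(seg2):]
        if not seg2:                        # segments of different kind: the numeric one wins
            return 1 if numeric else -1
        if numeric:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return 1 if one else -1                 # leftover segments mean a higher version


def parse_nvr(nvr: str) -> Tuple[str, EVR]:
    """Split 'name-[epoch:]version-release', as printed by rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}'."""
    name, version, release = nvr.rsplit("-", 2)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    return name, (epoch, version, release)


def evr_compare(a: EVR, b: EVR) -> int:
    """Compare epoch, then version, then release; first non-zero result decides."""
    return next((r for r in (rpmvercmp(x, y) for x, y in zip(a, b)) if r), 0)


def parse_advisory_line(line: str) -> Dict[str, EVR]:
    """One 'Sources used' row of the advisory -> {package name: fixed EVR}."""
    return dict(parse_nvr(item.strip()) for item in line.split(",") if item.strip())


def is_patched(installed_nvr: str, fixed: Dict[str, EVR]) -> Optional[bool]:
    """True/False for packages the advisory lists, None when it does not cover the package."""
    name, installed = parse_nvr(installed_nvr)
    return None if name not in fixed else evr_compare(installed, fixed[name]) >= 0


# Copied from the SUSE Linux Enterprise Server 12-SP3 row of SUSE-SU-2018:4063-1 above;
# use the row of the product actually installed.
SLES12SP3_FIXED = parse_advisory_line(
    "python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1")

if __name__ == "__main__":
    # Constructed sample lines; on a real host feed in the output of
    #   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' python-pyOpenSSL python-cryptography
    for nvr in ("python-pyOpenSSL-16.0.0-4.11.3",    # the fixed build itself
                "python-pyOpenSSL-16.0.0-4.8.1",     # same upstream version, older build: vulnerable
                "python-requests-2.18.4-1.1"):       # not covered by this advisory
        print(nvr, is_patched(nvr, SLES12SP3_FIXED))
```

Two points a scanner written this way gets right that a plain upstream-version comparison gets wrong: a build with the same upstream version but an older release is reported as vulnerable, and a package the advisory does not list comes back as "not covered" rather than silently "patched". The advisory lists source packages; SUSE binary subpackages built from them carry the same version-release, so the comparison applies to whatever `rpm -q` reports, but keep the query format to name, version and release only, since an appended architecture would break the split.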
Comment 15 Swamp Workflow Management 2019-04-02 16:26:44 UTC
openSUSE-SU-2019:1104-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1021578,1052927,1111634,1111635,1119077
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
openSUSE Leap 42.3 (src):    python-cryptography-1.3.1-5.3.1, python-pyOpenSSL-16.0.0-5.8.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-05-06 16:15:40 UTC
SUSE-RU-2019:1161-1: An update that solves two vulnerabilities and has 18 fixes is now available.

Category: recommended (moderate)
Bug References: 1063535,1094690,1105822,1111634,1111635,1114632,1116501,1116686,1122053,1122237,1122875,1124017,1124022,1125180,1125216,1127752,1128479,1128928,1130414,127227
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    crowbar-5.0+git.1551088826.010c0399-3.12.2, crowbar-core-5.0+git.1552461227.43e65d269-3.20.2, crowbar-ha-5.0+git.1553248675.7e103ea-3.14.2, crowbar-openstack-5.0+git.1554709170.195ba0e26-4.22.2, documentation-suse-openstack-cloud-deployment-8.20190329-1.14.2, documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, 
python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2
SUSE OpenStack Cloud 8 (src):    ardana-ansible-8.0+git.1553878455.7439e04-3.58.2, ardana-cobbler-8.0+git.1550694449.df88054-3.35.2, ardana-db-8.0+git.1550589454.df2e733-3.22.2, ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2, ardana-manila-8.0+git.1551748668.7427826-1.15.2, ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2, ardana-nova-8.0+git.1551718533.227cb9e-3.26.2, ardana-octavia-8.0+git.1553890679.8a50307-3.14.2, ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2, ardana-service-8.0+git.1551382173.a81d5e1-3.23.2, ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2, ardana-swift-8.0+git.1551502730.f4d219d-3.24.2, ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2, documentation-suse-openstack-cloud-installation-8.20190329-1.14.2, documentation-suse-openstack-cloud-operations-8.20190329-1.14.2, documentation-suse-openstack-cloud-opsconsole-8.20190329-1.14.2, documentation-suse-openstack-cloud-planning-8.20190329-1.14.2, documentation-suse-openstack-cloud-security-8.20190329-1.14.2, documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2, documentation-suse-openstack-cloud-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, 
openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2, venv-openstack-aodh-5.1.1~dev6-12.14.3, venv-openstack-barbican-5.0.2~dev2-12.15.3, venv-openstack-ceilometer-9.0.7~dev2-12.12.3, venv-openstack-cinder-11.1.2~dev58-14.15.3, venv-openstack-designate-5.0.3~dev6-12.13.3, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.10.3, venv-openstack-glance-15.0.2~dev9-12.13.3, venv-openstack-heat-9.0.6~dev17-12.15.3, venv-openstack-horizon-12.0.4~dev5-14.20.3, venv-openstack-ironic-9.1.7~dev7-12.15.3, venv-openstack-keystone-12.0.3~dev1-11.15.3, venv-openstack-magnum-5.0.2-11.13.1, venv-openstack-manila-5.0.4~dev17-12.17.3, venv-openstack-monasca-2.2.1-11.11.1, venv-openstack-monasca-ceilometer-1.5.1-8.9.1, venv-openstack-murano-4.0.1-12.9.1, venv-openstack-neutron-11.0.2-13.17.1, venv-openstack-nova-16.1.8~dev53-11.16.3, venv-openstack-octavia-1.0.5~dev1-12.15.3, venv-openstack-sahara-7.0.4~dev1-11.14.3, venv-openstack-swift-2.15.2-11.9.1, venv-openstack-trove-8.0.1~dev12-11.14.3
HPE Helion Openstack 8 (src):    ardana-ansible-8.0+git.1553878455.7439e04-3.58.2, ardana-cobbler-8.0+git.1550694449.df88054-3.35.2, ardana-db-8.0+git.1550589454.df2e733-3.22.2, ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2, ardana-manila-8.0+git.1551748668.7427826-1.15.2, ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2, ardana-nova-8.0+git.1551718533.227cb9e-3.26.2, ardana-octavia-8.0+git.1553890679.8a50307-3.14.2, ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2, ardana-service-8.0+git.1551382173.a81d5e1-3.23.2, ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2, ardana-swift-8.0+git.1551502730.f4d219d-3.24.2, ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2, documentation-hpe-helion-openstack-installation-8.20190329-1.14.2, documentation-hpe-helion-openstack-operations-8.20190329-1.14.2, documentation-hpe-helion-openstack-opsconsole-8.20190329-1.14.2, documentation-hpe-helion-openstack-planning-8.20190329-1.14.2, documentation-hpe-helion-openstack-security-8.20190329-1.14.2, documentation-hpe-helion-openstack-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, 
openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2, venv-openstack-aodh-5.1.1~dev6-12.14.3, venv-openstack-barbican-5.0.2~dev2-12.15.3, venv-openstack-ceilometer-9.0.7~dev2-12.12.3, venv-openstack-cinder-11.1.2~dev58-14.15.3, venv-openstack-designate-5.0.3~dev6-12.13.3, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.10.3, venv-openstack-glance-15.0.2~dev9-12.13.3, venv-openstack-heat-9.0.6~dev17-12.15.3, venv-openstack-horizon-hpe-12.0.4~dev5-14.20.3, venv-openstack-ironic-9.1.7~dev7-12.15.3, venv-openstack-keystone-12.0.3~dev1-11.15.3, venv-openstack-magnum-5.0.2-11.13.1, venv-openstack-manila-5.0.4~dev17-12.17.3, venv-openstack-monasca-2.2.1-11.11.1, venv-openstack-monasca-ceilometer-1.5.1-8.9.1, venv-openstack-murano-4.0.1-12.9.1, venv-openstack-neutron-11.0.2-13.17.1, venv-openstack-nova-16.1.8~dev53-11.16.3, venv-openstack-octavia-1.0.5~dev1-12.15.3, venv-openstack-sahara-7.0.4~dev1-11.14.3, venv-openstack-swift-2.15.2-11.9.1, venv-openstack-trove-8.0.1~dev12-11.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.