Bugzilla – Bug 1220262
VUL-0: CVE-2023-50782: openssl: consider backporting implicit rejection in PKCS#1 v1.5
Last modified: 2024-03-19 07:59:10 UTC
+++ This bug was initially created as a clone of Bug #1218043 +++

Description:

The fix for CVE-2020-25659 is not addressing the leakage in the RSA decryption. Because of the API design, the fix is generally not believed to be possible to be fully addressed. The issue can be mitigated by using a cryptographic backend that implements implicit rejection (Marvin workaround). Only applications that use RSA decryption with PKCS#1 v1.5 padding are affected.

Implicit rejection in RHEL has shipped in 9.3.0. Will ship in 9.2.eus, 8.6.eus, 8.8.eus, and 8.9.z. No other releases are planned.

References:
https://github.com/pyca/cryptography/issues/9785
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50782
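The implicit rejection mitigation named in the description, as an added example that is not part of the bug report or of OpenSSL's code: a Python sketch in which the legacy decryptor reports padding failures to the caller and the mitigated one returns a deterministic synthetic message instead. The toy key and the derivation labels (`length`, `message`) are assumptions for illustration and do not reproduce OpenSSL's exact derivation; Python integer arithmetic is also not constant time.

```python
import hashlib, hmac, secrets

# Constructed toy key built from two Mersenne primes: illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def encrypt(msg: bytes) -> bytes:
    """PKCS#1 v1.5 encryption: 00 02 <nonzero padding> 00 <msg>."""
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def _unpad(em: bytes):
    """Return the message, or None if the padding is malformed."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:  # needs at least 8 padding bytes
        return None
    return em[sep + 1:]

def _raw(ct: bytes) -> bytes:
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")

def decrypt_legacy(ct: bytes) -> bytes:
    """Pre-mitigation behaviour: a padding failure is visible to the caller."""
    msg = _unpad(_raw(ct))
    if msg is None:
        raise ValueError("decryption error")
    return msg

def decrypt_implicit_rejection(ct: bytes) -> bytes:
    """Never fails: bad padding yields a message derived from (key, ciphertext)."""
    msg = _unpad(_raw(ct))
    # The synthetic message is always computed; real implementations also do the
    # final selection in constant time, which this sketch does not attempt.
    key = hashlib.sha256(D.to_bytes(K, "big")).digest()
    kdk = hmac.new(key, ct, hashlib.sha256).digest()
    length = int.from_bytes(hmac.new(kdk, b"length", hashlib.sha256).digest()[:2], "big") % (K - 10)
    stream = b"".join(hmac.new(kdk, b"message" + bytes([i]), hashlib.sha256).digest()
                      for i in range(length // 32 + 1))
    return stream[:length] if msg is None else msg
```

Because the synthetic message depends only on the private key and the ciphertext, repeated queries with the same malformed ciphertext give the same answer, so the caller cannot tell it apart from a valid decryption by retrying.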
Newest openssl we have is 3.1.4 in Factory, we should consider backporting PKCS#1 v1.5 implicit rejection from 3.2.0.
This was reworked later in [0], then partially reverted in [1] and then more rework in [2] in the context of CVE-2022-4304. So, just porting the commits in the pull request [3] might not be enough.

Do we need this in SP6 and ALP? In Factory, we are planning to move to openssl version 3.2.1.

I'm assigning this to Otto.

[0] github.com/openssl/openssl/commit/b1892d21
[1] github.com/openssl/openssl/commit/4209ce68
[2] github.com/openssl/openssl/commit/f06ef165
[3] github.com/openssl/openssl/pull/13817