Bug 934789 – VUL-0: mariadb/mysql: Logjam Attack: mysql uses 512 bit dh groups in SSL

Bug 934789 - VUL-0: mariadb/mysql: Logjam Attack: mysql uses 512 bit dh groups in SSL


Summary:	VUL-0: mariadb/mysql: Logjam Attack: mysql uses 512 bit dh groups in SSL

Status:	RESOLVED FIXED
Duplicates:	936888 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:62153 maint:...
Keywords:

Depends on:	CVE-2015-4000
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-06-15 18:23 UTC by Marcus Meissner
Modified:	2016-06-17 18:08 UTC (History)
CC List:	17 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
patch for mysql 5.5.43 in SLE11SP3 (4.89 KB, patch) 2015-06-30 09:31 UTC, Kristyna Streitova	Details \| Diff
patch for mysql 5.0.96 in SLE11SP1 (4.57 KB, patch) 2015-06-30 09:33 UTC, Kristyna Streitova	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-06-15 18:23:30 UTC

+++ This bug was initially created as a clone of Bug #931600 +++

SUSE:SLE-12:Update/mariadb/mariadb-10.0.16

grep -r SSL_CTX_set_tmp_dh .
./extra/yassl/src/yassl.cpp:    SSL_CTX_set_tmp_dh(base.ctx_, base.dh_);
      uses fixed 512 bit group - BAD

./extra/yassl/src/ssl.cpp:long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)


./extra/yassl/testsuite/test.hpp:    SSL_CTX_set_tmp_dh(ctx, dh);

      fixed 1024bit group - OK

./extra/yassl/include/openssl/ssl.h:long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);

./extra/yassl/include/openssl/prefix_ssl.h:#define SSL_CTX_set_tmp_dh yaSSL_CTX_set_tmp_dh


./vio/viosslfactories.c:  SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);


  /* DH stuff */
  dh=get_dh512();
  SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);

  - BAD

Comment 1 Marcus Meissner 2015-06-15 18:24:48 UTC

mysql 5.5 has the same code.

Comment 2 Marcus Meissner 2015-06-15 18:26:10 UTC

after our current openssl update, accessing mysql with our tools will probably no longer work.

Comment 3 Swamp Workflow Management 2015-06-15 22:00:37 UTC

bugbot adjusting priority

Comment 4 Marcus Meissner 2015-06-26 08:59:26 UTC

https://github.com/mysql/mysql-server/commit/866b988a76e8e7e217017a7883a52a12ec5024b9

https://mariadb.atlassian.net/browse/MDEV-7695

Comment 5 Swamp Workflow Management 2015-06-26 09:02:34 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-07-03.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62129

Comment 6 Marcus Meissner 2015-06-26 09:03:42 UTC

Krystina, can you submit fixed mariadb for SLES 12
and mysql for SLES 11 SP3, and also backport the patch to SLES 11 SP1?

Comment 7 Marcus Meissner 2015-06-26 09:06:56 UTC

also for openSUSE please

Comment 10 Kristyna Streitova 2015-06-30 09:31:26 UTC

Created attachment 639632 [details]
patch for mysql 5.5.43 in SLE11SP3

Adding patch for mysql 5.5.43 in SLE11SP3

Comment 11 Kristyna Streitova 2015-06-30 09:33:58 UTC

Created attachment 639633 [details]
patch for mysql 5.0.96 in SLE11SP1

Adding patch for mysql 5.0.96 in SLE11SP1

Comment 12 Kristyna Streitova 2015-06-30 09:44:35 UTC

Patches for mysql submitted:

SLE11SP1: https://build.suse.de/request/show/61286
SLE11SP3: https://build.suse.de/request/show/61288

Comment 13 Bernhard Wiedemann 2015-06-30 12:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (934789) was mentioned in
https://build.opensuse.org/request/show/314500 13.2+13.1 / mariadb

Comment 14 Bernhard Wiedemann 2015-06-30 14:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (934789) was mentioned in
https://build.opensuse.org/request/show/314519 13.2+13.1 / mysql-community-server

Comment 15 Kristyna Streitova 2015-06-30 17:29:01 UTC

MariaDB 10.0.20 submitted to SLE12.

-----

Submission overview:

MySQL
|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE11SP1      | yes      | mr#61286  |
| SLE11SP3      | yes      | mr#61288  |
| openSUSE 13.1 | yes      | mr#314519 |
| openSUSE 13.2 | yes      | mr#314519 |
| devel/Factory | yes      | sr#314497 |


MariaDB
|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE12         | yes      | mr#61330  |
| openSUSE 13.1 | yes      | mr#314500 |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here


Reassigning to security team.

Comment 18 Andreas Stieger 2015-07-02 14:05:31 UTC

*** Bug 936888 has been marked as a duplicate of this bug. ***

Comment 19 Peter Szaban 2015-07-02 15:00:29 UTC

Hello,
    I originally opened bug #936888, which was marked as a duplicate.  I installed mariadb and libmysql 5.5.44-4.1 as suggested from http://download.opensuse.org/update/13.1-test/x86_64/ and after restarting the mysqld process, the problem has been resolved for me.
               THANK YOU!!

Comment 20 Swamp Workflow Management 2015-07-02 19:05:29 UTC

SUSE-SU-2015:1177-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 934789
CVE References: CVE-2015-4000
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    mysql-5.0.96-0.8.8.1, mysql-5.5.43-0.9.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    mysql-5.0.96-0.8.8.1, mysql-5.5.43-0.9.1
SUSE Linux Enterprise Server 11 SP3 (src):    mysql-5.0.96-0.8.8.1, mysql-5.5.43-0.9.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    mysql-5.0.96-0.8.8.1, mysql-5.5.43-0.9.1

Comment 21 Swamp Workflow Management 2015-07-08 16:08:49 UTC

openSUSE-SU-2015:1209-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 934789
CVE References: CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mysql-community-server-5.6.25-2.3.1
openSUSE 13.1 (src):    mysql-community-server-5.6.25-7.4.1

Comment 22 Swamp Workflow Management 2015-07-09 15:08:50 UTC

openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1

Comment 23 Swamp Workflow Management 2015-07-10 17:08:07 UTC

SUSE-SU-2015:1177-2: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 934789
CVE References: CVE-2015-4000
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    mysql-5.0.96-0.8.8.2
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    mysql-5.0.96-0.8.8.2

Comment 24 Olivier Nicolas 2015-07-12 11:11:06 UTC

After updating to "mysql-community-server-client-5.6.25-7.4.1.i586" on "openSUSE 13.1 (Bottle) (i586)"

The mysql server keeps restarting every minute 

Jul  9 19:00:11 blackened systemd[1]: Reloaded System Logging Service.
Jul  9 19:00:57 blackened mysql-systemd-helper[337]: MySQL is still dead
Jul  9 19:00:57 blackened systemd[1]: mysql.service: control process exited, code=exited status=1
Jul  9 19:00:57 blackened systemd[1]: Failed to start MySQL server.
Jul  9 19:00:57 blackened systemd[1]: Unit mysql.service entered failed state.
Jul  9 19:00:57 blackened mysql-systemd-helper[335]: 2015-07-09 19:00:57 351 [Note] /usr/sbin/mysqld: Normal shutdown
Jul  9 19:00:57 blackened mysql-systemd-helper[335]: 2015-07-09 19:00:57 351 [Note] Giving 2 client threads a chance to die gracefully
Jul  9 19:00:57 blackened mysql-systemd-helper[335]: 2015-07-09 19:00:57 351 [Note] Event Scheduler: Purging the queue. 0 events
Jul  9 19:00:57 blackened mysql-systemd-helper[335]: 2015-07-09 19:00:57 351 [Note] Shutting down slave threads
Jul  9 19:00:57 blackened systemd[1]: mysql.service holdoff time over, scheduling restart.
Jul  9 19:00:57 blackened systemd[1]: Stopping MySQL server...
Jul  9 19:00:57 blackened systemd[1]: Starting MySQL server...
Jul  9 19:00:57 blackened mysql-systemd-helper[1042]: /usr/bin/my_print_defaults: unknown option '--mysqld'
Jul  9 19:00:57 blackened mysql-systemd-helper[1051]: /usr/bin/my_print_defaults: unknown option '--mysqld'
Jul  9 19:00:57 blackened mysql-systemd-helper[1059]: /usr/bin/my_print_defaults: unknown option '--mysqld'
Jul  9 19:00:57 blackened mysql-systemd-helper[1060]: /usr/bin/my_print_defaults: unknown option '--mysqld'
Jul  9 19:00:57 blackened mysql-systemd-helper[1060]: Waiting for MySQL to start


I had to modify the /usr/lib/mysql/mysql-systemd-helper to successfully start the mysql server 


--- /usr/lib/mysql/mysql-systemd-helper.orig	2015-07-12 11:46:47.071715464 +0200
+++ /usr/lib/mysql/mysql-systemd-helper	2015-07-12 11:47:22.631715464 +0200
@@ -20,10 +20,10 @@
 
 	# Read options - important for multi setup
 	if [[ -n "$INSTANCE" && "x$INSTANCE" != "xdefault" ]]; then
-		opts="$(/usr/bin/my_print_defaults --mysqld mysqld_multi "$INSTANCE")"
+		opts="$(/usr/bin/my_print_defaults mysqld mysqld_multi "$INSTANCE")"
 		tmp_opts="$opts"
 	else
-		opts="$(/usr/bin/my_print_defaults --mysqld)"
+		opts="$(/usr/bin/my_print_defaults mysqld)"
 		tmp_opts="$opts"
 	fi

Comment 25 Andreas Stieger 2015-07-12 20:07:39 UTC

(In reply to Olivier Nicolas from comment #24)
> After updating to "mysql-community-server-client-5.6.25-7.4.1.i586" on
> "openSUSE 13.1 (Bottle) (i586)"
> 
> The mysql server keeps restarting every minute 

Copied to bug 937767, handling there.

Comment 26 Marcus Meissner 2015-07-21 10:54:37 UTC

sle12 mariadb is still in qa.

Comment 27 Andreas Stieger 2015-07-21 12:07:23 UTC

Releasing MariaDB for SLE 12

Comment 28 Swamp Workflow Management 2015-07-21 14:09:59 UTC

SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1

Comment 30 Swamp Workflow Management 2016-06-17 18:08:16 UTC

SUSE-SU-2016:1618-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 934789,959724
CVE References: CVE-2015-4000
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mysql-5.0.96-0.8.10.3
SUSE Linux Enterprise Server 11-SP4 (src):    mysql-5.0.96-0.8.10.3