Bug 1086778 - (CVE-2018-8970) VUL-0: CVE-2018-8970: libressl: The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Basesystem
Version: Leap 42.3
Hardware/OS: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/202623/
Reported: 2018-03-26 06:07 UTC by Marcus Meissner
Modified: 2022-05-16 22:40 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-03-26 06:07:40 UTC
CVE-2018-8970

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in
LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero
name length, which causes silent omission of hostname verification, and
consequently allows man-in-the-middle attackers to spoof servers and obtain
sensitive information via a crafted certificate. NOTE: the LibreSSL
documentation indicates that this special case is supported, but the BoringSSL
documentation does not.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8970
http://www.cvedetails.com/cve/CVE-2018-8970/
https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt
https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42
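As an added illustration of the zero-length special case described in this comment (a simplified model written for this page, not LibreSSL's, BoringSSL's or OpenSSL's code; the verify_param type and the set_host_2_7_0, set_host_2_7_1 and hostname_will_be_checked functions are hypothetical names): the 2.7.0 model treats namelen == 0 as "clear the expected name" and returns success, the 2.7.1 model takes namelen == 0 to mean the name is NUL-terminated, and the last function is the caller-side check that exposes the silent omission.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical verify-parameter object holding the one expected peer name;
 * host == NULL means the peer certificate's name is not checked at all. */
typedef struct { char *host; } verify_param;

static int store_host(verify_param *p, const char *name, size_t len) {
    char *s = malloc(len + 1);
    if (!s) return 0;
    memcpy(s, name, len); s[len] = '\0';
    free(p->host); p->host = s;
    return 1;
}

/* Models the 2.7.0 behaviour described in the CVE: namelen == 0 is handled
 * like a NULL name, the expected name is cleared and success is returned,
 * so the caller never learns that no hostname check will happen. */
static int set_host_2_7_0(verify_param *p, const char *name, size_t namelen) {
    if (name && memchr(name, '\0', namelen)) return 0; /* embedded NUL */
    if (name == NULL || namelen == 0) { free(p->host); p->host = NULL; return 1; }
    return store_host(p, name, namelen);
}

/* Models the special case restored in 2.7.1: namelen == 0 means the name is
 * NUL-terminated, so its length is computed before anything else. */
static int set_host_2_7_1(verify_param *p, const char *name, size_t namelen) {
    if (name && namelen == 0) namelen = strlen(name);
    if (name && memchr(name, '\0', namelen)) return 0; /* embedded NUL */
    if (name == NULL || namelen == 0) { free(p->host); p->host = NULL; return 1; }
    return store_host(p, name, namelen);
}

/* Caller-side check: 1 when a name will be verified, 0 when the check would be skipped. */
static int hostname_will_be_checked(const verify_param *p) { return p->host != NULL; }

/* CVE scenario: the caller passes namelen == 0 for a NUL-terminated name. Returns 1
 * when the 2.7.0 model silently leaves nothing to check while 2.7.1 keeps the name. */
static int zero_length_regression(void) {
    verify_param old_p = { NULL }, new_p = { NULL };
    int silent = set_host_2_7_0(&old_p, "www.example.com", 0) == 1
                 && !hostname_will_be_checked(&old_p);
    int fixed = set_host_2_7_1(&new_p, "www.example.com", 0) == 1
                && hostname_will_be_checked(&new_p)
                && strcmp(new_p.host, "www.example.com") == 0;
    free(old_p.host);
    free(new_p.host);
    return silent && fixed;
}
```

The practical lesson for callers of the real API is the same as the last function: after setting the expected name, confirm that a name is actually present before trusting a successful verification result.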
Comment 1 Swamp Workflow Management 2018-08-24 08:10:05 UTC
This is an autogenerated message for OBS integration:
This bug (1086778) was mentioned in
https://build.opensuse.org/request/show/631238 42.3 / libressl
Comment 2 Swamp Workflow Management 2018-09-03 22:08:02 UTC
openSUSE-SU-2018:2597-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1065363,1086778,1097779
CVE References: CVE-2018-12434,CVE-2018-8970
Sources used:
openSUSE Leap 42.3 (src):    libressl-2.8.0-11.1
Comment 3 Marcus Meissner 2018-09-07 12:34:28 UTC
released
Comment 4 OBSbugzilla Bot 2022-05-16 22:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1086778) was mentioned in
https://build.opensuse.org/request/show/977615 Backports:SLE-15-SP3 / libressl
https://build.opensuse.org/request/show/977616 Backports:SLE-15-SP4 / libressl