Bug 1201099 - (CVE-2022-2097) VUL-0: CVE-2022-2097: openssl-1_1,openssl-3: AES OCB fails to encrypt some bytes
(CVE-2022-2097)
VUL-0: CVE-2022-2097: openssl-1_1,openssl-3: AES OCB fails to encrypt some bytes
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/336072/
CVSSv3.1:SUSE:CVE-2022-2097:7.5:(AV:N...
:
Depends on:
Blocks: 1201100 1201332
  Show dependency treegraph
 
Reported: 2022-07-01 13:08 UTC by Marcus Meissner
Modified: 2022-09-01 13:50 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
openssl-3-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch (2.82 KB, patch)
2022-07-01 13:17 UTC, Marcus Meissner
Details | Diff
openssl-3-0002-AES-OCB-test-vectors.patch (6.43 KB, patch)
2022-07-01 13:17 UTC, Marcus Meissner
Details | Diff
openssl-1_1-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch (2.82 KB, patch)
2022-07-01 13:17 UTC, Marcus Meissner
Details | Diff
openssl-1_1-0002-AES-OCB-test-vectors.patch (6.28 KB, patch)
2022-07-01 13:17 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2022-07-01 13:17:03 UTC
Created attachment 859958 [details]
openssl-3-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch

openssl-3-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
Comment 2 Marcus Meissner 2022-07-01 13:17:19 UTC
Created attachment 859959 [details]
openssl-3-0002-AES-OCB-test-vectors.patch

openssl-3-0002-AES-OCB-test-vectors.patch
Comment 3 Marcus Meissner 2022-07-01 13:17:35 UTC
Created attachment 859960 [details]
openssl-1_1-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch

openssl-1_1-0001-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
Comment 4 Marcus Meissner 2022-07-01 13:17:50 UTC
Created attachment 859961 [details]
openssl-1_1-0002-AES-OCB-test-vectors.patch
Comment 5 Marcus Meissner 2022-07-01 13:24:16 UTC
openssl 1.0.2 and older do not implement AES OCB in assembler and are so not affected.
Comment 6 Jason Sikes 2022-07-04 08:04:42 UTC
Submitted:

| STREAM                 | PACKAGE     | STATUS                    |
|------------------------+-------------+---------------------------|
| SUSE_SLE-15-SP4_Update | openssl-3   | created request id 275076 |
| SUSE_SLE-15-SP4_Update | openssl-1_1 | created request id 275077 |
| SUSE_SLE-15-SP2_Update | openssl-1_1 | created request id 275078 |
| SUSE_SLE-12-SP4_Update | openssl-1_1 | created request id 275080 |
| SUSE_SLE-15_Update     | openssl-1_1 | created request id 275081 |
| SUSE_SLE-15-SP1_Update | openssl-1_1 | created request id 275082 |

Factory will be updated when embargo is lifted.
Comment 8 Jason Sikes 2022-07-05 01:32:42 UTC
request id 275078 is having problems so I revoked it

created request id 275124 for SUSE_SLE-15-SP2_Update / openssl-1_1
Comment 10 Marcus Meissner 2022-07-05 11:08:05 UTC
was published

AES OCB fails to encrypt some bytes (CVE-2022-2097)
===================================================

Severity: MODERATE

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances.  This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written.  In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.

This issue affects versions 1.1.1 and 3.0.  It was addressed in the
releases of 1.1.1q and 3.0.5 on the 5th July 2022.

OpenSSL 1.1.1 users should upgrade to 1.1.1q
OpenSSL 3.0 users should upgrade to 3.0.5

This issue was reported to OpenSSL on the 15th June 2022 by Alex
Chernyakhovsky from Google. The fix was developed by Alex Chernyakhovsky,
David Benjamin and Alejandro Sedeño from Google.
Comment 11 Swamp Workflow Management 2022-07-06 16:19:06 UTC
SUSE-SU-2022:2308-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-1_1-1.1.1l-150400.7.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-1_1-1.1.1l-150400.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-07-06 16:22:14 UTC
SUSE-SU-2022:2312-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1201099
CVE References: CVE-2022-2097
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openssl-1_1-1.1.1d-2.69.1
SUSE OpenStack Cloud 9 (src):    openssl-1_1-1.1.1d-2.69.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openssl-1_1-1.1.1d-2.69.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openssl-1_1-1.1.1d-2.69.1
SUSE Linux Enterprise Server 12-SP5 (src):    openssl-1_1-1.1.1d-2.69.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openssl-1_1-1.1.1d-2.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-07-06 16:23:29 UTC
SUSE-SU-2022:2311-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1201099
CVE References: CVE-2022-2097
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE Enterprise Storage 6 (src):    openssl-1_1-1.1.0i-150100.14.36.1
SUSE CaaS Platform 4.0 (src):    openssl-1_1-1.1.0i-150100.14.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-07-06 16:33:13 UTC
SUSE-SU-2022:2306-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1185637,1199166,1199167,1199168,1199169,1200550,1201099
CVE References: CVE-2022-1292,CVE-2022-1343,CVE-2022-1434,CVE-2022-1473,CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    openssl-3-3.0.1-150400.4.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    openssl-3-3.0.1-150400.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-07-06 16:33:55 UTC
SUSE-SU-2022:2309-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1200550,1201099
CVE References: CVE-2022-2068,CVE-2022-2097
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise Server 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    openssl-1_1-1.1.0i-150000.4.74.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    openssl-1_1-1.1.0i-150000.4.74.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-07-07 16:17:42 UTC
SUSE-SU-2022:2328-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1201099
CVE References: CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Manager Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Manager Retail Branch Server 4.1 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Manager Proxy 4.1 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise Micro 5.1 (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    openssl-1_1-1.1.1d-150200.11.51.1
SUSE Enterprise Storage 7 (src):    openssl-1_1-1.1.1d-150200.11.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Jason Sikes 2022-07-11 10:50:07 UTC
Completed. Reassigning to Security Team
Comment 19 Swamp Workflow Management 2022-07-15 19:22:40 UTC
SUSE-SU-2022:2417-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1201099,1201325,1201326,1201327,1201328
CVE References: CVE-2022-2097,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs12-12.22.12-1.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Pedro Monreal Gonzalez 2022-07-25 10:28:15 UTC
Update to OpenSSL 3.0.5, accepted Factory submission:
 * https://build.opensuse.org/request/show/990536
Comment 21 Gabriele Sonnu 2022-07-29 14:57:35 UTC
Done.
Comment 22 Swamp Workflow Management 2022-09-01 13:50:14 UTC
openSUSE-SU-2022:2328-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1201099
CVE References: CVE-2022-2097
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    openssl-1_1-1.1.1d-150200.11.51.1