Ubuntu
nss package

Firefox and Chromium still vulnerable against LOGJAM

Bug #1465014 reported by LAZA on 2015-06-14

272

This bug affects 4 people

Affects		Status	Importance	Assigned to
	NSS	Fix Released	Medium	mozilla-bugs #1138554
	firefox (Ubuntu)	Fix Released	Critical	Unassigned
Nominated for Vivid by Alberto Salvia Novella
	nss (Ubuntu)	Fix Released	Critical	Unassigned
Nominated for Vivid by Alberto Salvia Novella

Bug Description

Hint: http://www.ubuntu.com/usn/usn-2639-1/

" As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. "

I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/

- Xubuntu 15.04 -- up-to-date

- openSSL 1.0.1f-1ubuntu11.4 -- up-to-date

- Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.0.5 and 38.0.6 on the mozilla server available)
- Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date

--------------------------------------------------------------------------------

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Tags:

CVE References

Revision history for this message

LAZA (laza74) wrote on 2015-06-14:

Bildschirmfoto_2015-06-14_15-34-26.png Edit (105.8 KiB, image/png)
Dependencies.txt Edit (899 bytes, text/plain; charset="utf-8")
JournalErrors.txt Edit (44.4 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (297 bytes, text/plain; charset="utf-8")

description:	updated
summary:	- after update still vunerable against LOGJAM + after update still vulnerable against LOGJAM
description:	updated

LAZA (laza74) on 2015-06-15

description:	updated
description:	updated

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2015-06-15: Re: after update still vulnerable against LOGJAM

I think that site is simply printing the warning based on the browser user agent, and not actually testing for the vulnerability.

logjam is planned to be officially addressed in Firefox 39, so it will probably change once firefox 39 gets pushed out.

affects:

openssl (Ubuntu) → firefox (Ubuntu)

Revision history for this message

Haw Loeung (hloeung) wrote on 2015-06-15:

Chrome and Firefox both uses NSS. NSS 3.19.1 contains fixes to mitigate logjam by increasing the minimum modulus size for Diffie-Hellman keys to 1023 bits[1].

Maybe we can look into backporting that.

[1]https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Revision history for this message

Haw Loeung (hloeung) wrote on 2015-06-15:

https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-06-16:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox (Ubuntu):
status:	New → Confirmed
Changed in nss (Ubuntu):
status:	New → Confirmed

Alberto Salvia Novella (es20490446e) on 2015-06-18

Changed in firefox (Ubuntu):
importance:	Undecided → Critical
Changed in nss (Ubuntu):
importance:	Undecided → Critical
information type:	Public → Public Security

Revision history for this message

Haw Loeung (hloeung) wrote on 2015-06-21:

3.19.2 was just released[1] with:

"""
Notable Changes in NSS 3.19.2
Bug 1172128 - In NSS 3.19.1, the minimum key sizes that the freebl cryptographic implementation (part of the softoken cryptographic module used by default by NSS) was willing to generate or use was increased - for RSA keys, to 512 bits, and for DH keys, 1023 bits. This was done as part of a security fix for Bug 1138554 / CVE-2015-4000. Applications that requested or attempted to use keys smaller then the minimum size would fail. However, this change in behaviour unintentionally broke existing NSS applications that need to generate or use such keys, via APIs such as SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.

In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix for Bug 1138554 has been moved to libssl, and will now only affect the minimum keystrengths used in SSL/TLS.

Note: Future versions of NSS may increase the minimum keysizes required by the freebl module. Consumers of NSS are strongly encouraged to migrate to stronger cryptographic strengths as soon as possible.
"""

[1]https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes

Alberto Salvia Novella (es20490446e) on 2015-06-25

Changed in nss (Ubuntu):
status:	Confirmed → Triaged
Changed in firefox (Ubuntu):
status:	Confirmed → Triaged
no longer affects:	firefox (Ubuntu)

Marc Deslauriers (mdeslaur) on 2015-06-25

Changed in firefox (Ubuntu):
status:	New → Confirmed

Alberto Salvia Novella (es20490446e) on 2015-06-27

Changed in firefox (Ubuntu):
status:	Confirmed → Triaged
importance:	Undecided → Critical

Bug Watch Updater (bug-watch-updater) on 2015-07-05

Changed in nss:
importance:	Unknown → Medium
status:	Unknown → Fix Released

Mathew Hodson (mhodson) on 2015-07-08

summary:

- after update still vulnerable against LOGJAM
+ Firefox and Chromium still vulnerable against LOGJAM

Revision history for this message

Mathew Hodson (mhodson) wrote on 2015-07-09:

This bug was fixed in the package firefox 39.0+build5-0ubuntu0.15.04.1

---
firefox (39.0+build5-0ubuntu0.15.04.1) vivid-security; urgency=medium

* New upstream stable release (FIREFOX_39_0_BUILD5)
- see USN-2656-1

  * Refresh patches
    - update debian/patches/unity-menubar.patch
    - update debian/patches/ubuntu-ua-string-changes.patch
  * Bundle our checkout of compare-locales in a different location, given
    that the Mozilla repo now contains a different version of it in the
    location we used previously
    - update debian/build/rules.mk
    - update debian/build/create-tarball.py

-- Chris Coulson <email address hidden> Mon, 29 Jun 2015 11:47:44 +0100

Changed in firefox (Ubuntu):
status:	Triaged → Fix Released

Revision history for this message

Mathew Hodson (mhodson) wrote on 2015-07-09:

This bug was fixed in the package nss 2:3.19.2-0ubuntu15.04.1

---
nss (2:3.19.2-0ubuntu15.04.1) vivid-security; urgency=medium

  * SECURITY UPDATE: update to upstream 3.19.2 to fix multiple security
    issues and get a new CA certificate bundle.
    - CVE-2015-2721
    - CVE-2015-2730
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/relax_dh_size.patch: relax minimum DH size to 768 bits
    for compatibility reasons. This patch will get reverted in the future
    once servers have upgraded to longer DH sizes.

-- Marc Deslauriers <email address hidden> Wed, 08 Jul 2015 11:27:56 -0400

Changed in nss (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

mozilla-bugs #1138554
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntunss package

Firefox and Chromium still vulnerable against LOGJAM

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
nss package