[SRU] revert security-regression in Focal's libcrypto++
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libcrypto++ (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Focal |
Incomplete
|
Undecided
|
Unassigned | ||
Bug Description
[ Impact ]
Focal's libcrypto++ 5.6.4-9 regresses elliptic curve generation. Uploading
this version from Debian appears to have been a mistake.
This is a security regression, but was not published through the security
pocket.
As far as I am aware, Debian only packaged 5.6.4-9 in sid. Buster's latest
version is 5.6.4-8: the version immediately before the regression.
This version includes an _incomplete_ security patch for CVE-2019-14318
which breaks elliptic curve arithmetic.
- https:/
security patch is incomplete.
- https:/
states that the 2019 patch (which 5.6 and 8.3.0 received) has a
regression.
See https:/
deeper exploration of this Ubuntu Focal issue.
The root cause of LP#1893934 appears to be caused by this regression.
- As reported on the urbackup forums, rolling back to the previous
version solves this crash.
- https:/
[ Test Plan ]
1. To test the regression:
Compile and use @ekera[
```
$ g++ main.cpp -lcryptopp -o test
$ ./test
```
The PoC will report `X is *NOT* as expected.` on miscomputations.
See https:/
Both Bionic 18.04.06 (libcrypto++ version 5.6.4-8) and Jammy 22.04.04
(libcrypto++ version 8.6.0-2ubuntu1) had the expected result. Focal fails
with 5.6.4-8. Rolling back the version allows the PoC test to past. Using
a version built with the attached debdiff also passes the PoC.
2. Package tests:
All package build tests pass regardless of the regression. Checking that
new failures do not occur is a sanity test.
To test builtin tests run: `cd /usr/share/crypto++ && cryptest v`
X. Note:
Unfortunately there are no autopkgtests.
`reverse-depends -r focal src:libcrypto++` includes five, possibly minor,
reverse dependencies.
libcrypto++ is mostly used as a dependency outside of the Ubuntu Archive.
i.e., we have low visibility on how this package is used.
I am hoping that the PoC and built in tests are enough to prove the sanity
of this security regression SRU.
[ Other Info ]
A big thank you to Martin Ekerå (@ekera[
issue and writing a thorough bug report and PoC on GitHub \o/
This is my first SRU. I need a sponsor and help tagging on LP.
I have performed the Test Plan.
The fix solely involves on removing a d/patch file.
Removing the patch causes the following (expected) symbol changes in
./usr/lib/
```
+CryptoPP:
+std::vector<
+void std::vector<
```
[ Where problems could occur ]
Two systems both using software based on the regressed version of Crypto++
*could possibly* communicate through incorrectly generated keys together.
This seems unlikely and, if it is even possible, we should discourage or
even break the use of miscalculated elliptic curves.
A regression in reverting the regressed patch is possible.
CVE References
| Mark Esler (eslerm) wrote | #1 |
| Mark Esler (eslerm) wrote | #2 |
| description: | updated |
| description: | updated |
| Ubuntu Foundations Team Bug Bot (crichton) wrote | #3 |
| tags: | added: patch |
| Mark Esler (eslerm) wrote | #4 |
| affects: | libcrypto++ (Ubuntu) → ubuntu |
| Changed in ubuntu: | |
| status: | New → Invalid |
| Mark Esler (eslerm) wrote | #5 |
| affects: | ubuntu → libcrypto++ (Ubuntu) |
| Dan Bungert (dbungert) wrote | #6 |
| Changed in libcrypto++ (Ubuntu Focal): | |
| assignee: | Dan Bungert (dbungert) → nobody |
| status: | New → Fix Committed |
| Andreas Hasenack (ahasenack) wrote | #7 |
| Changed in libcrypto++ (Ubuntu Focal): | |
| status: | Fix Committed → Incomplete |
| Robie Basak (racb) wrote | #8 |
The attachment "libcrypto+
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]