CVE-2019-1559

Priority
Description
If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data. In order
for this to be exploitable "non-stitched" ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of certain commonly
used ciphersuites. Also the application must call SSL_shutdown() twice even
if a protocol error has occurred (applications should not do this but some
do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Notes
 mdeslaur> doesn't affect 1.1.x
 mdeslaur>
 mdeslaur> this fix is a workaround for applications that call
 mdeslaur> SSL_shutdown() twice even if a protocol error has occurred
 mdeslaur>
 mdeslaur> upstream fix uses error handling mechanism introduced in 1.0.2,
 mdeslaur> which isn't available in 1.0.1f. While we are unlikely to fix
 mdeslaur> this issue in Ubuntu 14.04 LTS, marking as deferred for now
 mdeslaur> in case the vulnerable applications are identified.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (uses system openssl)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system openssl)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system openssl1.0)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (uses system openssl1.0)
Ubuntu 19.04 (Disco Dingo):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):deferred (2019-03-11)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.15)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.1.0g-2ubuntu4.3)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.1.1-1ubuntu2.1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.1.1a-1ubuntu2)
Patches:
Upstream:https://github.com/openssl/openssl/commit/e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2n-1ubuntu5.3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.0.2n-1ubuntu6.2)
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-03-19 11:32:17 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)