CVE-2019-1559

Published: 26 February 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
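
The padding-versus-MAC distinction described above, as an added example (a simplified Python model, not OpenSSL's code and not part of the advisory): `check_leaky` reports the two failures differently, while `check_uniform` always runs both checks and returns one result. The function names, key and record header are constructed for illustration, and the model covers only the returned result, not timing.

```python
# Added illustration: simplified model of a TLS CBC record check; names are hypothetical.
import hashlib
import hmac

MAC_LEN, BLOCK = 32, 16  # HMAC-SHA256 tag length, CBC block size

def build_plaintext(key, header, content):
    """TLS CBC layout before encryption: content || MAC || padding || pad_len."""
    body = content + hmac.new(key, header + content, hashlib.sha256).digest()
    pad_len = BLOCK - 1 - (len(body) % BLOCK)
    return body + bytes([pad_len]) * (pad_len + 1)

def split_record(plaintext):
    """Return (padding_ok, content, mac) for a decrypted record."""
    if len(plaintext) < MAC_LEN + 1:
        raise ValueError("record too short")
    pad_len = plaintext[-1]
    strip = pad_len + 1
    padding_ok = (strip + MAC_LEN <= len(plaintext)
                  and all(b == pad_len for b in plaintext[-strip:]))
    if not padding_ok:
        strip = 1  # still carve out a MAC so the MAC check always runs
    body = plaintext[:-strip]
    return padding_ok, body[:-MAC_LEN], body[-MAC_LEN:]

def mac_matches(key, header, content, mac):
    expected = hmac.new(key, header + content, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)

def check_leaky(key, header, plaintext):
    """Weak: the caller can tell which check failed."""
    padding_ok, content, mac = split_record(plaintext)
    if not padding_ok:
        return "bad_padding"
    return "ok" if mac_matches(key, header, content, mac) else "bad_mac"

def check_uniform(key, header, plaintext):
    """Hardened: both checks always run and failures share one result."""
    padding_ok, content, mac = split_record(plaintext)
    mac_ok = mac_matches(key, header, content, mac)
    return "ok" if (padding_ok and mac_ok) else "bad_record"

def outcomes(check):
    """Run a checker over constructed 0-byte records: valid, bad padding, bad MAC."""
    key, header = b"k" * 32, b"constructed-record-header"
    good = build_plaintext(key, header, b"")
    bad_pad = good[:-2] + bytes([good[-2] ^ 1]) + good[-1:]
    bad_mac = bytes([good[0] ^ 1]) + good[1:]
    return tuple(check(key, header, r) for r in (good, bad_pad, bad_mac))
```

Calling `outcomes(check_leaky)` and `outcomes(check_uniform)` shows the difference: only the first lets the caller distinguish a padding failure from a MAC failure.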

Notes

Author: mdeslaur
doesn't affect 1.1.x

this fix is a workaround for applications that call
SSL_shutdown() twice even if a protocol error has occurred

upstream fix uses error handling mechanism introduced in 1.0.2,
which isn't available in 1.0.1f. While we are unlikely to fix
this issue in Ubuntu 14.04 LTS, marking as deferred for now
in case the vulnerable applications are identified.

Priority

Medium

CVSS 3 Severity Score

5.9

Status

Package     Release   Status
openssl1.0  xenial    Does not exist
            bionic    Released (1.0.2n-1ubuntu5.3)
            cosmic    Released (1.0.2n-1ubuntu6.2)
            disco     Does not exist
            eoan      Does not exist
            focal     Does not exist
            trusty    Does not exist
            upstream  Needs triage

nodejs      bionic    Not vulnerable (uses system openssl1.0)
            cosmic    Not vulnerable (uses system openssl1.0)
            disco     Not vulnerable (uses system openssl1.1)
            eoan      Not vulnerable (uses system openssl1.1)
            focal     Not vulnerable (uses system openssl1.1)
            trusty    Not vulnerable (uses system openssl)
            upstream  Needs triage
            xenial    Not vulnerable (uses system openssl)

openssl     bionic    Not vulnerable (1.1.0g-2ubuntu4.3)
            cosmic    Not vulnerable (1.1.1-1ubuntu2.1)
            disco     Not vulnerable (1.1.1a-1ubuntu2)
            eoan      Not vulnerable (1.1.1a-1ubuntu2)
            focal     Not vulnerable (1.1.1a-1ubuntu2)
            trusty    Released (1.0.1f-1ubuntu2.27+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
            upstream  Needs triage
            xenial    Released (1.0.2g-1ubuntu4.15)
            Patches:
            upstream: https://github.com/openssl/openssl/commit/e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e

openssl098  bionic    Does not exist
            cosmic    Does not exist
            disco     Does not exist
            eoan      Does not exist
            focal     Does not exist
            trusty    Does not exist (trusty was needs-triage)
            upstream  Needs triage
            xenial    Does not exist

Severity score breakdown

Parameter Value
Base score 5.9
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N