Monthly Archives: January 2017

Redhat

Deprecation of Insecure Algorithms and Protocols in RHEL 6.9

Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain insecure. In this post, we will describe the changes planned for the 6.9 release of Red Hat Enterprise Linux 6, which is already on Production Phase 2.

Balancing Legacy Use Cases and Modern Threats

For the RHEL operating system, which has its useful lifetime measured in decades, in addition to adding new features, it is necessary to periodically revisit default settings and phase out (or completely deprecate) protocols and algorithms the use of which—accidental or intentional—could cause irreparable damage. At the same time we must ensure that the vast majority of existing and legacy applications continues to operate without changes, as well as provide mechanisms for the administrator to revert any changes, when necessary, to the previous defaults.

What Are the Threats?

Given that any change in application or library default settings cannot be without side-effects, it is important to provide the context under which such changes are necessary. In the past few years, we’ve identified several protocol attacks with real-world impact that relied on obsolete and legacy algorithm and protocol configurations. A few prominent attacks are briefly described below:

  • DROWN in 2016; it relied on servers enabling the SSL 2.0 protocol, allowing the attackers to obtain sufficient information to decrypt other, unrelated TLS sessions.
  • SLOTH in 2016; it relied on clients enabling the MD5 algorithm, broken since 2004; it allowed attackers to decrypt TLS sessions.
  • LOGJAM and FREAK in 2015. While the details of the attacks differ, both of these attacks relied on export cryptography being enabled in the server, allowing an attacker to decrypt TLS sessions.

Why Would Insecure Configuration Remain Enabled?

While all of the exploited protocols and algorithms were known to be obsolete or insecure for more than a decade, the impact of these attacks was still high. That indicates that these obsolete protocols and algorithms were enabled on Internet servers possibly due to:

  • misconfiguration,
  • administrators’ hope of improving compatibility with legacy clients,
  • re-use of old configuration files.

Traditionally, we have not been very keen on deprecating algorithms and protocols throughout the RHEL timeline to avoid breaking existing and legacy applications. This was because of our belief that for an operating system, keeping operations going on is more important than addressing flaws that may not be applicable on every operating system setup.

Solution for RHEL 6.9

However, after considering these attacks and the fact that it is unrealistic to expect all administrators to keep up with cryptographic advances, we have decided to provide a protection net, which will prevent future cryptographic attacks due to accidental misconfiguration with legacy algorithms and protocols in default RHEL 6.9 installations.

No Export Ciphersuites and SSL 2.0

In particular, we will take steps that will ensure that the TLS ciphersuites marked as export, as well as the SSL 2.0 protocol, are completely removed from the operating system. These two points involve algorithms with no real-world use and a protocol that has been considered deprecated for more than 20 years. We will not provide a way to re-enable these options because we are convinced that these are primarily used to attack misconfigured systems rather than for real-world use cases.

Limited MD5, RC4, and DH

In addition, we will ensure that no application can be used with insecure signature-verification algorithms such as MD5, and that TLS client applications refuse to communicate with servers that advertise less than 1024-bit Diffie-Hellman parameters. The latter would ensure that LOGJAM-style of attacks are prevented. Furthermore, we will disable the usage of RC4 in contexts where this will not introduce compatibility issues.

All-around Application Support for TLS 1.2

While deprecating insecure algorithms and protocols protects applications running in RHEL from future attacks taking advantage of them, it is also important, given that RHEL 6.9 entered Production Phase 2, to provide a solid cryptographic base for the remaining lifetime of the product. For that we will ensure that all the back-end cryptographic components support TLS 1.2, allowing new applications to be deployed and used during its lifetime.

Summary of Changes to Cryptographic Back-ends in RHEL 6.9

Introduced change Description Revertable
TLS 1.2 protocol The protocol is made available to all shipped cryptographic libraries and enabled by default. N/A
SSL 2.0 protocol The shipped TLS libraries will no longer include support for the SSL 2.0 protocol. No
Export TLS ciphersuites The shipped TLS libraries will no longer include support for Export TLS ciphersuites. No
TLS Diffie-Hellman key exchange Only parameters larger than 1024-bits will be accepted by default.1 Yes. Administrators can revert this setting system-wide (information will provided in the release notes).
MD5 algorithm for digital signatures The algorithm will not be enabled by default for TLS sessions or certificate verification on any of the TLS libraries we ship. Yes. Administrators can revert this setting system-wide (information will provided in the release notes).
RC4 algorithm The algorithm will no longer be enabled by default for OpenSSH sessions. Yes. Administrators can revert this setting system-wide (information will provided in the release notes).

  1. This, exceptionally, applies only to OpenSSL, GnuTLS, and NSS cryptographic back-ends, not to Java/OpenJDK. 

Product

Red Hat Enterprise Linux

Security

Red Hat Security Advisory 2017-0004-01

Red Hat Security Advisory 2017-0004-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel’s networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.

Security

Red Hat Security Advisory 2017-0003-01

Red Hat Security Advisory 2017-0003-01 – The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

Panda Security

Five Takeaways from the Security Crisis of 2016

This year we have witnessed Yahoo acknowledge the greatest data breach in history. In September, the Internet giant admitted to the theft of at least 500 million email addresses, passwords, usernames, dates of birth, phone numbers, and, in some cases, security questions with their corresponding responses. Shortly thereafter, in December, the company announced that up to 1 billion accounts may have been compromised in a different breach.

This wasn’t the only major security crisis of 2016. The personal data of Snapchat employees (names, Social Security numbers, salaries…) fell in the wrong hands because of a con known as “whaling”. Cyber criminals impersonated Evan Spiegel, the company’s CEO, in order to obtain the data in question.

The credentials of 117 million LinkedIn users, 68 million Dropbox users, and 1.5 million Verizon customers also fell into the hands of cybercriminals, some of which went up for sale on the dark web. There are a few lessons we can learn from this and other unsettling news items we’ve seen in 2016.

1- No Password is Safe

At this point, following the theft of such an enormous quantity of information, one can assume that any password that is a couple years old is compromised. There is no service that is significantly safer to use than others, and none that we should trust blindly. It follows that the most sensible thing to do is to change all passwords that have been in use for a period of time. Reusing passwords unnecessarily puts the user at risk.

2- Security Questions Are Part of the Problem

As soon as they learned about their data breach, Yahoo disabled security questions like “when is your mother’s birthday?” and “what color was your first car?”. It’s no longer only a matter of whether the answers can be found by digging into potential victims’ profiles on social networks, but also of the fact that many answers have been directly stolen. Unlike passwords, this kind of data does not change. Substituting it for false data would be tantamount to creating a second password. In other words, the risk of forgetting it is still there, which obviously defeats its purpose as a means of password recovery. The remedy becomes worse than the original problem.

3- Delete Registration Emails

Cybercriminals place increasingly more value on web users’ emails and passwords. This comes as no surprise, since emails can be the door to many other things. If your password is stolen from one service, and you use the same one for email, intruders will have access to whatever recovery email they need for any other service you have an account at. What’s more, they can look through old messages for registration emails to find out where you’ve been signed up before. This is easily avoided by deleting registration emails as soon as you receive them.

4- Bigger Fish to Fry?

If you’re running a company, however small, don’t make the mistake of thinking that data theft only affects the giants. In fact, it’s easier and more profitable for cybercriminals to target small business. Not only have attacks on small businesses been on the rise, but also their consequences are much more severe. The smaller the company, the greater the risk of a security crisis wiping it out.

5- Be Transparent and React Quickly

If the worst should happen, notifying your customers or users that their confidential information has been stolen should not be taken lightly. It’s important to let them know right away, with as much detail as possible and without downplaying the potential risks. Hiding or disguising the truth can only make things worse. For starters, those who have been affected will not be able to change their passwords as quickly as they should. Finally, your credibility is at stake. The damages done to it will grow the more time that passes between the breach and your announcement of it.

 

The post Five Takeaways from the Security Crisis of 2016 appeared first on Panda Security Mediacenter.

Fedora

subversion-1.9.5-1.fc25

This update includes the latest stable release of _Apache Subversion_, version **1.9.5**.

#### Client-side bugfixes:
* fix accessing non-existent paths during reintegrate merge
* fix handling of newly secured subdirectories in working copy
* info: remove trailing whitespace in –show-item=revision ([issue 4660](http://subversion.tigris.org/issues/show_bug.cgi?id=4660))
* fix recording wrong revisions for tree conflicts
* gpg-agent: improve discovery of gpg-agent sockets
* gpg-agent: fix file descriptor leak
* resolve: fix –accept=mine-full for binary files ([issue 4647](http://subversion.tigris.org/issues/show_bug.cgi?id=4647))
* merge: fix possible crash ([issue 4652](http://subversion.tigris.org/issues/show_bug.cgi?id=4652))
* resolve: fix possible crash
* fix potential crash in Win32 crash reporter
#### Server-side bugfixes:
* fsfs: fix “offset too large” error during pack ([issue 4657](http://subversion.tigris.org/issues/show_bug.cgi?id=4657))
* svnserve: enable hook script environments
* fsfs: fix possible data reconstruction error ([issue 4658](http://subversion.tigris.org/issues/show_bug.cgi?id=4658))
* fix source of spurious ‘incoming edit’ tree conflicts
* fsfs: improve caching for large directories
* fsfs: fix crash when encountering all-zero checksums
* fsfs: fix potential source of repository corruptions
* mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate
([issue 3084](http://subversion.tigris.org/issues/show_bug.cgi?id=3084))
* mod_dav_svn: reduce memory usage during GET requests
* fsfs: fix unexpected “database is locked” errors
* fsfs: fix opening old repositories without db/format files
#### Client-side and server-side bugfixes:
* fix possible crash when reading invalid configuration files
#### Bindings bugfixes:
* swig-pl: do not corrupt “{DATE}” revision variable
* javahl: fix temporary accepting SSL server certificates
* swig-pl: fix possible stack corruption

Typo3

Remote Code Execution in third party library swiftmailer

Component Type: TYPO3 CMS

Release Date: January 3, 2017

 

Vulnerability Type: Remote Code Execution

Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0

Severity: Low

Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:O/RC:C

CVE: not assigned yet

Problem Description: TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution.

Solution: Update to TYPO3 versions 6.2.30, 7.6.15 or 8.5.1 that ship an updated package.

Additional Information: The swiftmailer package has deprecated its support for mail()-Transport. To prevent a possible exploit we recommend to configure the TYPO3 MAIL settings to use any other transport method than mail. Further information about the swiftmailer vulnerability can be found at https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html.

 

General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note: All security related code changes are tagged so that you can easily look them up on our review system.