Bugzilla – Bug 1111634
VUL-1: CVE-2018-1000808: python-pyOpenSSL: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store
Last modified: 2024-05-13 17:00:41 UTC
CVE-2018-1000808

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appears to be exploitable via: Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000808
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000808.html
Fix should be in https://github.com/pyca/pyopenssl/pull/723
SUSE-SU-2018:4063-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1021578,1111634,1111635
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
SUSE OpenStack Cloud 7 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE OpenStack Cloud 6-LTSS (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP4 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP3 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Module for Containers 12 (src): python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE Enterprise Storage 4 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
SUSE CaaS Platform ALL (src): python-cryptography-1.3.1-7.13.4, python-setuptools-18.0.1-4.8.1
SUSE CaaS Platform 3.0 (src): python-cryptography-1.3.1-7.13.4, python-pyOpenSSL-16.0.0-4.11.3, python-setuptools-18.0.1-4.8.1
OpenStack Cloud Magnum Orchestration 7 (src): python-cryptography-1.3.1-7.13.4, python-setuptools-18.0.1-4.8.1
openSUSE-SU-2019:1104-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1021578,1052927,1111634,1111635,1119077
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
openSUSE Leap 42.3 (src): python-cryptography-1.3.1-5.3.1, python-pyOpenSSL-16.0.0-5.8.2

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:1161-1: An update that solves two vulnerabilities and has 18 fixes is now available.
Category: recommended (moderate)
Bug References: 1063535,1094690,1105822,1111634,1111635,1114632,1116501,1116686,1122053,1122237,1122875,1124017,1124022,1125180,1125216,1127752,1128479,1128928,1130414,127227
CVE References: CVE-2018-1000807,CVE-2018-1000808
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): crowbar-5.0+git.1551088826.010c0399-3.12.2, crowbar-core-5.0+git.1552461227.43e65d269-3.20.2, crowbar-ha-5.0+git.1553248675.7e103ea-3.14.2, crowbar-openstack-5.0+git.1554709170.195ba0e26-4.22.2, documentation-suse-openstack-cloud-deployment-8.20190329-1.14.2, documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2
SUSE OpenStack Cloud 8 (src): ardana-ansible-8.0+git.1553878455.7439e04-3.58.2, ardana-cobbler-8.0+git.1550694449.df88054-3.35.2, ardana-db-8.0+git.1550589454.df2e733-3.22.2, ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2, ardana-manila-8.0+git.1551748668.7427826-1.15.2, ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2, ardana-nova-8.0+git.1551718533.227cb9e-3.26.2, ardana-octavia-8.0+git.1553890679.8a50307-3.14.2, ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2, ardana-service-8.0+git.1551382173.a81d5e1-3.23.2, ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2, ardana-swift-8.0+git.1551502730.f4d219d-3.24.2, ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2, documentation-suse-openstack-cloud-installation-8.20190329-1.14.2, documentation-suse-openstack-cloud-operations-8.20190329-1.14.2, documentation-suse-openstack-cloud-opsconsole-8.20190329-1.14.2, documentation-suse-openstack-cloud-planning-8.20190329-1.14.2, documentation-suse-openstack-cloud-security-8.20190329-1.14.2, documentation-suse-openstack-cloud-supplement-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-admin-8.20190329-1.14.2, documentation-suse-openstack-cloud-upstream-user-8.20190329-1.14.2, documentation-suse-openstack-cloud-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2, venv-openstack-aodh-5.1.1~dev6-12.14.3, venv-openstack-barbican-5.0.2~dev2-12.15.3, venv-openstack-ceilometer-9.0.7~dev2-12.12.3, venv-openstack-cinder-11.1.2~dev58-14.15.3, venv-openstack-designate-5.0.3~dev6-12.13.3, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.10.3, venv-openstack-glance-15.0.2~dev9-12.13.3, venv-openstack-heat-9.0.6~dev17-12.15.3, venv-openstack-horizon-12.0.4~dev5-14.20.3, venv-openstack-ironic-9.1.7~dev7-12.15.3, venv-openstack-keystone-12.0.3~dev1-11.15.3, venv-openstack-magnum-5.0.2-11.13.1, venv-openstack-manila-5.0.4~dev17-12.17.3, venv-openstack-monasca-2.2.1-11.11.1, venv-openstack-monasca-ceilometer-1.5.1-8.9.1, venv-openstack-murano-4.0.1-12.9.1, venv-openstack-neutron-11.0.2-13.17.1, venv-openstack-nova-16.1.8~dev53-11.16.3, venv-openstack-octavia-1.0.5~dev1-12.15.3, venv-openstack-sahara-7.0.4~dev1-11.14.3, venv-openstack-swift-2.15.2-11.9.1, venv-openstack-trove-8.0.1~dev12-11.14.3
HPE Helion Openstack 8 (src): ardana-ansible-8.0+git.1553878455.7439e04-3.58.2, ardana-cobbler-8.0+git.1550694449.df88054-3.35.2, ardana-db-8.0+git.1550589454.df2e733-3.22.2, ardana-heat-8.0+git.1552935705.e9a92b3-3.9.2, ardana-manila-8.0+git.1551748668.7427826-1.15.2, ardana-neutron-8.0+git.1551113207.9f1db17-3.27.2, ardana-nova-8.0+git.1551718533.227cb9e-3.26.2, ardana-octavia-8.0+git.1553890679.8a50307-3.14.2, ardana-osconfig-8.0+git.1552503158.6b6b195-3.33.2, ardana-service-8.0+git.1551382173.a81d5e1-3.23.2, ardana-ses-8.0+git.1554145115.63a4cf2-1.17.2, ardana-swift-8.0+git.1551502730.f4d219d-3.24.2, ardana-tempest-8.0+git.1554307220.ed24e63-3.18.2, documentation-hpe-helion-openstack-installation-8.20190329-1.14.2, documentation-hpe-helion-openstack-operations-8.20190329-1.14.2, documentation-hpe-helion-openstack-opsconsole-8.20190329-1.14.2, documentation-hpe-helion-openstack-planning-8.20190329-1.14.2, documentation-hpe-helion-openstack-security-8.20190329-1.14.2, documentation-hpe-helion-openstack-user-8.20190329-1.14.2, galera-python-clustercheck-0.0+git.1506329536.8f5878c-4.3.2, openstack-dashboard-12.0.4~dev5-3.17.3, openstack-ec2-api-5.0.1~dev10-4.6.2, openstack-heat-9.0.6~dev17-3.15.3, openstack-heat-doc-9.0.6~dev17-3.15.2, openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.9.2, openstack-horizon-plugin-ironic-ui-3.0.4~dev3-3.6.2, openstack-horizon-plugin-magnum-ui-3.0.1~dev9-3.6.2, openstack-horizon-plugin-sahara-ui-7.0.4~dev1-3.6.2, openstack-ironic-9.1.7~dev7-3.15.3, openstack-ironic-doc-9.1.7~dev7-3.15.2, openstack-keystone-12.0.3~dev1-5.16.3, openstack-keystone-doc-12.0.3~dev1-5.16.2, openstack-magnum-5.0.2~dev31-4.12.3, openstack-magnum-doc-5.0.2~dev31-4.12.2, openstack-manila-5.0.4~dev17-3.15.3, openstack-manila-doc-5.0.4~dev17-3.15.2, openstack-monasca-api-2.2.1~dev25-3.9.3, openstack-monasca-notification-1.10.2~dev2-3.6.3, openstack-monasca-persister-1.7.1~dev8-3.6.3, openstack-murano-4.0.1~dev5-3.6.2, openstack-murano-doc-4.0.1~dev5-3.6.2, openstack-neutron-11.0.7~dev100-3.15.3, openstack-neutron-doc-11.0.7~dev100-3.15.2, openstack-neutron-fwaas-11.0.2~dev8-3.11.2, openstack-neutron-fwaas-doc-11.0.2~dev8-3.11.2, openstack-nova-16.1.8~dev53-3.20.3, openstack-nova-doc-16.1.8~dev53-3.20.2, openstack-octavia-1.0.5~dev1-4.15.2, openstack-sahara-7.0.4~dev1-3.9.3, openstack-sahara-doc-7.0.4~dev1-3.9.2, openstack-swift-2.15.2~dev32-3.6.2, openstack-swift-doc-2.15.2~dev32-3.6.2, openstack-tempest-17.0.0-4.6.2, python-cinderclient-3.1.1-3.3.2, python-cryptography-2.0.3-3.7.2, python-monasca-common-2.3.1~dev4-4.6.2, python-os-brick-1.15.8-3.3.2, venv-openstack-aodh-5.1.1~dev6-12.14.3, venv-openstack-barbican-5.0.2~dev2-12.15.3, venv-openstack-ceilometer-9.0.7~dev2-12.12.3, venv-openstack-cinder-11.1.2~dev58-14.15.3, venv-openstack-designate-5.0.3~dev6-12.13.3, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.10.3, venv-openstack-glance-15.0.2~dev9-12.13.3, venv-openstack-heat-9.0.6~dev17-12.15.3, venv-openstack-horizon-hpe-12.0.4~dev5-14.20.3, venv-openstack-ironic-9.1.7~dev7-12.15.3, venv-openstack-keystone-12.0.3~dev1-11.15.3, venv-openstack-magnum-5.0.2-11.13.1, venv-openstack-manila-5.0.4~dev17-12.17.3, venv-openstack-monasca-2.2.1-11.11.1, venv-openstack-monasca-ceilometer-1.5.1-8.9.1, venv-openstack-murano-4.0.1-12.9.1, venv-openstack-neutron-11.0.2-13.17.1, venv-openstack-nova-16.1.8~dev53-11.16.3, venv-openstack-octavia-1.0.5~dev1-12.15.3, venv-openstack-sahara-7.0.4~dev1-11.14.3, venv-openstack-swift-2.15.2-11.9.1, venv-openstack-trove-8.0.1~dev12-11.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1626-1: An update that solves two vulnerabilities and has one security fix can now be installed.
Category: security (important)
Bug References: 1021578, 1111634, 1111635
CVE References: CVE-2018-1000807, CVE-2018-1000808
Maintenance Incident: [SUSE:Maintenance:33804](https://smelt.suse.de/incident/33804/)
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python-pyOpenSSL-17.1.0-4.26.1
SUSE Linux Enterprise Server 12 SP5 (src): python-pyOpenSSL-17.1.0-4.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python-pyOpenSSL-17.1.0-4.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
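
The CVE text names 17.5.0 as the fixed upstream release, while the update notices in this report ship the fix in backported builds with lower version numbers, so a check against the upstream version alone misclassifies patched systems. The following added example (not part of the bug report or of any SUSE tool) classifies an installed python-pyOpenSSL version-release against three of the builds listed above; `assess`, `evr_cmp`, the product-name keys and the simplified RPM-style comparison (no epoch, tilde or caret handling) are assumptions of the example, as is treating the binary package as carrying the same version-release as the listed source package.

```python
import re

# Fixed source builds quoted from the update notices in this bug report.
FIXED_BUILDS = {
    "SUSE Linux Enterprise Server 12-SP4": "16.0.0-4.11.3",  # SUSE-SU-2018:4063-1
    "openSUSE Leap 42.3": "16.0.0-5.8.2",                    # openSUSE-SU-2019:1104-1
    "SUSE Linux Enterprise Server 12 SP5": "17.1.0-4.26.1",  # SUSE-SU-2024:1626-1
}
UPSTREAM_FIXED = "17.5.0"  # first fixed upstream release per the CVE text


def _cmp_part(a, b):
    """Simplified rpmvercmp for one version or release string: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two 'version-release' strings (assumption: no epoch)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)


def assess(product, installed):
    """Classify an installed python-pyOpenSSL build for CVE-2018-1000808."""
    if _cmp_part(installed.partition("-")[0], UPSTREAM_FIXED) >= 0:
        return "fixed-upstream"
    fixed = FIXED_BUILDS.get(product)
    if fixed is None:
        # Below 17.5.0 and no backport data: the vendor advisory decides.
        return "unknown-check-vendor-advisory"
    return "fixed-backport" if evr_cmp(installed, fixed) >= 0 else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory; 16.0.0-4.8.1 is a made-up older release.
    for prod, evr in [("SUSE Linux Enterprise Server 12-SP4", "16.0.0-4.11.3"),
                      ("SUSE Linux Enterprise Server 12-SP4", "16.0.0-4.8.1"),
                      ("Other distribution", "17.3.0-1")]:
        print(prod, evr, assess(prod, evr))
```

The comparison is only meaningful within one product's package stream, and the notices above caution that a listed update may be a partial fix.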