Arch Linux 804 Published by

The following two security updates has been released for Arch Linux:

ASA-201809-3: zsh: insufficient validation
ASA-201809-4: strongswan: authentication bypass



ASA-201809-3: zsh: insufficient validation

Arch Linux Security Advisory ASA-201809-3
=========================================

Severity: Low
Date : 2018-09-24
CVE-ID : CVE-2018-0502 CVE-2018-13259
Package : zsh
Type : insufficient validation
Remote : No
Link : https://security.archlinux.org/AVG-764

Summary
=======

The package zsh before version 5.6-1 is vulnerable to insufficient
validation.

Resolution
==========

Upgrade to 5.6-1.

# pacman -Syu "zsh>=5.6-1"

The problems have been fixed upstream in version 5.6.

Workaround
==========

None.

Description
===========

- CVE-2018-0502 (insufficient validation)

An issue was discovered in zsh before 5.6. The beginning of a #! script
file was mishandled, potentially leading to an execve call to a program
named on the second line.

- CVE-2018-13259 (insufficient validation)

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64
characters were truncated, potentially leading to an execve call to a
program name that is a substring of the intended one.

Impact
======

A local attacker is able to execute arbitrary commands via a specially
crafted shell script.

References
==========

https://www.zsh.org/mla/zsh-announce/136
https://bugs.debian.org/908000
https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
https://security.archlinux.org/CVE-2018-0502
https://security.archlinux.org/CVE-2018-13259


ASA-201809-4: strongswan: authentication bypass

Arch Linux Security Advisory ASA-201809-4
=========================================

Severity: High
Date : 2018-09-24
CVE-ID : CVE-2018-16151 CVE-2018-16152
Package : strongswan
Type : authentication bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-769

Summary
=======

The package strongswan before version 5.7.0-1 is vulnerable to
authentication bypass.

Resolution
==========

Upgrade to 5.7.0-1.

# pacman -Syu "strongswan>=5.7.0-1"

The problems have been fixed upstream in version 5.7.0.

Workaround
==========

If the gmp plugin is loaded, make sure that none of the employed keys
and certificates (including those of CAs) use keys with e = 3.
Strongswan's tool to generate keys (pki --gen) always used e = 65537
(0x10001), which is not vulnerable, so certificates and keys generated
with this tool are fine for use even with an unpatched gmp plugin.

Description
===========

- CVE-2018-16151 (authentication bypass)

The OID parser allows any number of random bytes after a valid OID for
a PKCS#1.5 signature. The asn1_known_oid() function just parses until
it finds a leaf in the tree of known OIDs, any further data that
follows is simply ignored. And the function that parses ASN.1
algorithmIdentifier structures doesn't care if the full OID data was
parsed as it usually doesn't really matter. A missing check to reject
junk and random key parameters allows attackers to carry out a
Bleichenbacher-style attack on low-exponent keys and create forged
signatures.

- CVE-2018-16152 (authentication bypass)

The algorithmIdentifier structure on a PKCS#1.5 signature contains an
optional parameters field. While none of the algorithms used with
PKCS#1 use parameters, i.e. the field should always be encoded as ASN.1
NULL value, the strongswan decoder doesn't enforce this and simply
skips over the parameters. This allows an attacker to fill the field
with random data which allows to carry out a Bleichenbacher-style
attack on low-exponent keys and forge signatures or create arbitrary CA
certificates.

Impact
======

An attacker is able to use non-validated fields on a maliciously-
crafted file to forge a signature or a CA certificate.

References
==========

https://wiki.strongswan.org/versions/70
https://github.com/strongswan/strongswan/commit/5955db5b124a1ee5f44c0845b6e00c86fddae67c
https://security.archlinux.org/CVE-2018-16151
https://security.archlinux.org/CVE-2018-16152