Security
Backporting network security enhancements from Python 3.4
Maintenance of Python 2.7 has continued for longer than originally envisioned—much longer than some Python developers would like—and it is set to continue for quite a bit longer still. While that helps smooth the transition to Python 3, there are enhancements that have gone into the next-generation Python that would be nice to have in 2.7. In many cases, the answer has been that any who want those features should move to Python 3, but there is a class of enhancements that warrant different treatment: those that affect network security. Changes of that sort are likely to require different handling, which is just what the project has done.
The idea was motivated by the aging state of SSL support in Python 2.7, though more than just SSL was eventually addressed. As noted in a Python Enhancement Proposal (PEP 466) that was accepted back in April, there are certain types of deficiencies that affect far more than just a particular Python application. In fact, they can affect the security of the network itself:
So PEP 466 codifies a plan for backporting a handful of features from 3.4 to 2.7. Since the PEP's acceptance, some features have been completed and released in Python 2.7.7 or 2.7.8, while others are still being worked on for future releases.
Of the two fixes that were made for Python 2.7.7, one simply updates the version of OpenSSL that ships with Python for Windows. The second backports the Python 3.4 version of hmac.compare_digest(). The idea is to provide a constant-time comparison function for hash-based message authentication code (HMAC) digests. That will avoid some potential timing attacks against programs that do their own digest comparison (using == or the like). Those programs can be changed to call compare_digest() from the hmac module instead.
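The difference between `==` and `compare_digest()` is shown in the sketch below, which is an added example rather than code from the PEP or the CPython tree. The key, the message and the function names are constructed for illustration; `leaky_equal()` counts the characters an early-exit comparison examines, so the data-dependent work is visible without a clock.

```python
import hashlib
import hmac

# Constructed demo key; a real service would load this from a secret store.
SECRET_KEY = b"constructed-demo-key"


def sign(message):
    """Return the hex HMAC-SHA256 tag for message (bytes)."""
    return hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()


def leaky_equal(a, b):
    """Early-exit comparison, the way == behaves on strings.

    Returns (equal, characters_examined); the second value is the
    data-dependent amount of work that a timing measurement reflects.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def verify_leaky(message, tag):
    # Before: ordinary equality stops at the first differing character.
    return sign(message) == tag


def verify(message, tag):
    # After: compare_digest()'s running time does not depend on where the
    # inputs differ. Both arguments must be the same type (str or bytes).
    return hmac.compare_digest(sign(message), tag)


def work_profile(message):
    """Characters examined by leaky_equal() for wrong tags that agree with
    the real tag in their first 0, 8 and 32 characters."""
    good = sign(message)
    profile = []
    for n in (0, 8, 32):
        # Change the character right after the matching prefix.
        wrong = "0" if good[n] != "0" else "1"
        candidate = good[:n] + wrong + "f" * (len(good) - n - 1)
        profile.append(leaky_equal(good, candidate)[1])
    return profile


if __name__ == "__main__":
    print(work_profile(b"constructed message"))
```

The work done by the early-exit comparison grows with the length of the matching prefix, which is exactly the signal `compare_digest()` removes.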
For 2.7.8, another of the PEP 466 changes was backported. A new pbkdf2_hmac() function was added to the hashlib module. While the function name is kind of a mouthful, the first part stands for "password-based key derivation function #2" (PBKDF2), which is part of the Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5. The idea is to take a password, add some salt, and repeatedly apply a cryptographic function (hash, HMAC, ...) to turn it into a much stronger key. It is a way of doing key stretching to make password cracking much harder.
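One way to use pbkdf2_hmac() for password storage is sketched below; it is an added example, not code from the PEP or the standard library. The record format, the function names and the iteration count are assumptions chosen for illustration.

```python
import binascii
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 200000  # assumed work factor; tune it to your hardware budget
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), salt, iterations)
    return "pbkdf2_%s$%d$%s$%s" % (
        ALGORITHM, iterations,
        binascii.hexlify(salt).decode("ascii"),
        binascii.hexlify(key).decode("ascii"))


def verify_password(password, record):
    """Check password against a stored record.

    Returns (ok, needs_rehash); needs_rehash is True when the password is
    correct but was stored with fewer iterations than the current setting.
    """
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        iterations = int(iterations)
        salt = binascii.unhexlify(salt_hex)
        expected = binascii.unhexlify(key_hex)
    except ValueError:  # wrong field count, bad integer or bad hex
        return False, False
    if scheme != "pbkdf2_" + ALGORITHM or iterations < 1 or not expected:
        return False, False
    candidate = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), salt, iterations, len(expected))
    # Constant-time comparison of the derived keys.
    ok = hmac.compare_digest(candidate, expected)
    return ok, ok and iterations < ITERATIONS


if __name__ == "__main__":
    stored = hash_password("constructed passphrase")
    print(stored.split("$")[:2], verify_password("constructed passphrase", stored))
```

Storing the iteration count in the record lets the work factor be raised later: old records still verify and are flagged for re-hashing at the next successful login.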
The change to the os.urandom() function seems to be a bit controversial. The change is fairly straightforward: open a file descriptor for /dev/urandom the first time urandom() is called and leave it open until there is an error or the interpreter exits. That would save an open() and close() system call each time urandom() is called, which might alleviate some performance issues reported for the call. As Alex Gaynor pointed out in the PEP 466 bug, that might stop people from working around urandom() by using a (presumably faster) non-cryptographic random number generator and compromising their application security.
The argument is a bit weak, overall, since calling for so many random numbers that urandom() opening and closing a file becomes a bottleneck is almost certainly an indication that the application is doing something wrong. Several were asking that the change not be backported, and it hasn't happened yet, but it does still appear in PEP 466.
There is another fairly minor change coming. The hashlib module in Python 2.7 will eventually also get the algorithms_guaranteed and algorithms_available sets from Python 3. These sets contain, respectively, the names of the hash algorithms that are guaranteed to be present on all platforms and the names of those that are available in the currently running interpreter.
By far the biggest change to Python 2.7 would be in synchronizing the ssl module with the version from 3.4. That brings along a huge number of changes, including (from the PEP) "TLSv1.x settings, SSLContext manipulation, Server Name Indication, access to platform certificate stores, standard library support for peer hostname validation and more". Essentially, it will bring Python 2.7 support for SSL up to par with that of most other languages and frameworks. It will also provide a path for doing certificate validation using the standard library for 2.7, which has been a major, longstanding hole in Python's SSL support.
But the SSL backport has turned out to be more work than Gaynor anticipated. In a status report at the beginning of July, he noted that the ssl module had two separate code versions, one for Python 2 and another for Python 3. That meant a direct backport could not be done, so Gaynor tried a variety of approaches without much success. But his plan to automatically cherry-pick ssl commits from the 3.4 branch of the Mercurial tree back into the 2.7 branch was not particularly well-received.
More recently, Gaynor noted some other snags in adding the SSL features, so he must have (mostly) gotten past the problem of actually porting the pieces needed. According to another message, things are progressing, with only a few tests that are not passing, "so this will hopefully be ready to upload any day now for review".
Given the longevity of Python 2.7, and the popularity of the language for networking applications, it is not really surprising that some security-oriented fixes would need to be backported. In addition, the recent scrutiny of SSL implementations has made it imperative that mainstream implementations are up to snuff. Once Gaynor finishes his work, Python 2.7 will be in an even better position to continue handling network traffic right up to its end of life—currently scheduled for 2020.
Brief items
Security quotes of the week
But when sites outright lie to you about things you care about, and that you have expected those sites to provide to you honestly, that's a wholly different story, indeed -- and that applies whether or not you're paying fees for the services involved, and whether or not users are ever informed later about these shenanigans. Nor do "research use of data" clauses buried in voluminous Terms of Service text constitute informed consent or some sort of ethical exception.
Android crypto blunder exposes users to highly privileged malware (ars technica)
Ars technica reports on a newly disclosed Android vulnerability. It seems that some apps are hard-coded into the system as having special privileges. "According to Jeff Forristal, CTO of Bluebox Security, Android fails to verify the chain of certificates used to certify an app belongs to this elite class of super privileged programs. As a result, a maliciously developed app can include an invalid certificate claiming it's Flash, Wallet, or any other app hard coded into Android. The OS, in turn, will give the rogue app the same special privileges assigned to the legitimate app without ever taking the time to detect the certificate forgery."
New vulnerabilities
avidemux: undisclosed vulnerabilities
Package(s): | avidemux | CVE #(s): |
Created: | July 28, 2014 | Updated: | July 30, 2014
Description: | From the Mageia advisory:
Avidemux built with a bundled set of FFmpeg libraries. The bundled FFmpeg versions have been updated to 0.9.4 in Mageia 3 and 1.2.7 in Mageia 4 to fix several security issues and other bugs fixed upstream in FFmpeg.
cobbler: path traversal
Package(s): | cobbler | CVE #(s): | CVE-2014-3225
Created: | July 28, 2014 | Updated: | July 30, 2014
Description: | From the CVE entry:
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
cups: privilege escalation
Package(s): | cups | CVE #(s): | CVE-2014-5029 CVE-2014-5030 CVE-2014-5031
Created: | July 28, 2014 | Updated: | September 8, 2014
Description: | From the Debian advisory:
It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
ipython: code execution
Package(s): | ipython | CVE #(s): | CVE-2014-3429
Created: | July 25, 2014 | Updated: | July 30, 2015
Description: | From the Red Hat bugzilla entry:
It was reported [1],[2] that IPython's Notebook server suffered from a flaw where it did not verify the origin of websocket requests. An attacker with knowledge of the IPython kernel ID could run arbitrary code on a user's machine with the privileges of the user running the IPython Notebook server, if the client visited a crafted malicious page. This was corrected upstream in the 2.0.0 release. Further details on the flaw were also published.
kernel: privilege escalation
Package(s): | kernel | CVE #(s): | CVE-2014-3534
Created: | July 29, 2014 | Updated: | August 1, 2014
Description: | From the Debian advisory:
Martin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the psw mask value. On s390 systems, an unprivileged local user could use this flaw to set address space control bits to kernel space combination and thus gain read/write access to kernel memory.
moodle: multiple vulnerabilities
Package(s): | moodle | CVE #(s): | CVE-2014-3541 CVE-2014-3542 CVE-2014-3543 CVE-2014-3544 CVE-2014-3545 CVE-2014-3546 CVE-2014-3547 CVE-2014-3548 CVE-2014-3549 CVE-2014-3550 CVE-2014-3551 CVE-2014-3552 CVE-2014-3553
Created: | July 30, 2014 | Updated: | August 6, 2014
Description: | From the Moodle announcement:
Moodle 2.7.1, 2.6.4, 2.5.7, and 2.4.11 are now available. In addition to a number of bug fixes and small improvements, security vulnerabilities have been discovered and fixed. We highly recommend that you upgrade your sites as soon as possible. Upgrading should be very straightforward. As per our usual policy, admins of all registered Moodle sites will be notified of security issue details directly via email and we'll publish details more widely in a week. Additional information may be found in the oss-sec report.
openstack-nova: information disclosure
Package(s): | openstack-nova | CVE #(s): | CVE-2014-3517
Created: | July 25, 2014 | Updated: | August 22, 2014
Description: | From the Red Hat advisory:
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron. (CVE-2014-3517)
oxide-qt: three vulnerabilities
Package(s): | oxide-qt | CVE #(s): | CVE-2014-3162 CVE-2014-3160 CVE-2014-3803
Created: | July 24, 2014 | Updated: | August 11, 2014
Description: | From the Ubuntu advisory:
Multiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3162) It was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160) It was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803)
phpmyadmin: multiple vulnerabilities
Package(s): | phpmyadmin | CVE #(s): | CVE-2014-4954 CVE-2014-4955 CVE-2014-4986 CVE-2014-4987
Created: | July 30, 2014 | Updated: | August 6, 2014
Description: | From the CVE entries:
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. (CVE-2014-4954) Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. (CVE-2014-4955) Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. (CVE-2014-4986) server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. (CVE-2014-4987)
ppc64-diag: two vulnerabilities
Package(s): | ppc64-diag | CVE #(s): | CVE-2014-4038 CVE-2014-4039
Created: | July 24, 2014 | Updated: | July 22, 2015
Description: | From the SUSE advisory:
ppc64-diag has been updated to prevent the usage of predictable filenames in /tmp in various scripts and daemons (CVE-2014-4038) Also the snapshot tarball was previously generated world readable, which could have leaked sensible information, which is only visible to root, to all users. It is now readable for root only (CVE-2014-4039).
pulseaudio: denial of service
Package(s): | pulseaudio | CVE #(s): | CVE-2014-3970
Created: | July 28, 2014 | Updated: | March 29, 2015
Description: | From the CVE entry:
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
python-django-horizon: three vulnerabilities
Package(s): | python-django-horizon | CVE #(s): | CVE-2014-3473 CVE-2014-3474 CVE-2014-3475
Created: | July 25, 2014 | Updated: | September 10, 2014
Description: | From the Red Hat advisory:
A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. (CVE-2014-3473) It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name. (CVE-2014-3474) It was found that certain email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially crafted name. (CVE-2014-3475)
zarafa: information disclosure
Package(s): | zarafa | CVE #(s): | CVE-2014-0103
Created: | July 28, 2014 | Updated: | July 30, 2014
Description: | From the Red Hat bugzilla:
Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server. If Zarafa WebAccess was run on a shared hosting site (multiple web sites on the same server), and an administrator of another server, with the ability to upload arbitrary scripts to the server, they could use this to obtain these IMAP credentials due to both sites being run by the same Apache user, and the PHP session files being owned by the same. In a non-shared hosting environment, or one using something like SuEXEC, where the PHP session files are owned by individual users on a per-site basis, this would not be an issue. In that case, only a local user able to read these files (either as root or as the user running the Apache web server) would be able to view the credentials.
Page editor: Jake Edge