MGASA-2020-0053 - Updated mbedtls packages fix security vulnerabilities

Publication date: 28 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0053.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-16910,
     CVE-2019-18222

This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security
vulnerabilities, among which:

The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to
implement blinding. Because of this for the same key and message the
same blinding value was generated. This reduced the effectiveness of the
countermeasure and leaked information about the private key through side
channels (CVE-2019-16910).

Fix side channel vulnerability in ECDSA. Our bignum implementation is not
constant time/constant trace, so side channel attacks can retrieve the blinded
value, factor it (as it is smaller than RSA keys and not guaranteed to have
only large prime factors), and then, by brute force, recover the key
(CVE-2019-18222).

See release notes for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25952
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.3-and-2.7.12-released
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222

SRPMS:
- 7/core/mbedtls-2.16.4-1.mga7