From d0072a11debc576b5fd970841117a89bdfe8549a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2018 15:43:22 +0200 Subject: [PATCH] Releasing 1.0.35 and 1.1pre17. --- docs.mdwn | 2 +- download.mdwn | 42 +++++++++++++++++++-------- index.mdwn | 4 +-- news/release-1.0.35-and-1.1pre17.mdwn | 19 ++++++++++++ security.mdwn | 28 ++++++++++++++++-- 5 files changed, 78 insertions(+), 17 deletions(-) create mode 100644 news/release-1.0.35-and-1.1pre17.mdwn diff --git a/docs.mdwn b/docs.mdwn index 5c7929e..91c18b0 100644 --- a/docs.mdwn +++ b/docs.mdwn @@ -15,7 +15,7 @@ something else than the documentation says, please tell us! The main source of information is the manual. This text describes how to set up a VPN using tinc. It also contains a chapter with more technical details, which you may want to read, as well as the ideas behind tinc. This manual is -currently up to date with version 1.0.34. +currently up to date with version 1.0.35. - [manual (HTML)](/documentation/) - [manual (PDF)](/documentation/tinc.pdf) diff --git a/download.mdwn b/download.mdwn index 6220c0d..3e136ad 100644 --- a/download.mdwn +++ b/download.mdwn @@ -12,28 +12,28 @@ packages you should contact its maintainer. ### Latest stable release -[[!inline pages="news/release-1.0.34" template=newsitemnoheader feeds="no"]] +[[!inline pages="news/release-1.0.35" template=newsitemnoheader feeds="no"]] - -
**Version**1.0.34 + +
**Version**1.0.35
**Source** -[tinc-1.0.34.tar.gz](/packages/tinc-1.0.34.tar.gz) -([sig](/packages/tinc-1.0.34.tar.gz.sig)) +[tinc-1.0.35.tar.gz](/packages/tinc-1.0.35.tar.gz) +([sig](/packages/tinc-1.0.35.tar.gz.sig))
**Packages** -[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.0.34-install.exe) +[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.0.35-install.exe)
### Latest pre-release from the 1.1 branch -[[!inline pages="news/release-1.1pre16" template=newsitemnoheader feeds="no"]] +[[!inline pages="news/release-1.1pre17" template=newsitemnoheader feeds="no"]] - -
**Version**1.1pre16 + +
**Version**1.1pre17
**Source** -[tinc-1.1pre16.tar.gz](/packages/tinc-1.1pre16.tar.gz) -([sig](/packages/tinc-1.1pre16.tar.gz.sig)) +[tinc-1.1pre17.tar.gz](/packages/tinc-1.1pre17.tar.gz) +([sig](/packages/tinc-1.1pre17.tar.gz.sig))
**Packages** -[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.1pre16-install.exe) +[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.1pre17-install.exe)
### Distributions providing tinc @@ -68,6 +68,24 @@ using one of these packages. ### Older versions + +
**Version**1.0.34 +
**Source** +[tinc-1.0.34.tar.gz](/packages/tinc-1.0.34.tar.gz) +([sig](/packages/tinc-1.0.34.tar.gz.sig)) +
**Packages** +[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.0.34-install.exe) +
+ + +
**Version**1.1pre16 +
**Source** +[tinc-1.1pre16.tar.gz](/packages/tinc-1.1pre16.tar.gz) +([sig](/packages/tinc-1.1pre16.tar.gz.sig)) +
**Packages** +[Windows XP/Vista/7/8/10](/packages/windows/tinc-1.1pre16-install.exe) +
+
**Version**1.0.33
**Source** diff --git a/index.mdwn b/index.mdwn index 0f95fa6..8e55d89 100644 --- a/index.mdwn +++ b/index.mdwn @@ -1,8 +1,8 @@ # Welcome to tinc! -### Latest stable version: [[1.0.34|download]] +### Latest stable version: [[1.0.35|download]] -Latest prerelease from the 1.1 branch: [[1.1pre16|download]] +Latest prerelease from the 1.1 branch: [[1.1pre17|download]] ### Latest news: diff --git a/news/release-1.0.35-and-1.1pre17.mdwn b/news/release-1.0.35-and-1.1pre17.mdwn new file mode 100644 index 0000000..b363543 --- /dev/null +++ b/news/release-1.0.35-and-1.1pre17.mdwn @@ -0,0 +1,19 @@ +[[!meta author="guus"]] +[[!meta date="October 8th 2018"]] + +Versions 1.0.35 and 1.1pre17 released. + +* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). +* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758). + +Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. + +[[!toggle id="fulltext" text="Show full text."]] + +[[!toggleable id="fulltext" text=""" +Michael Yonli discovered two security flaws. The first is an issue with the implementation of the authentication protocol used in tinc 1.0, which allows a remote attacker to establish an authenticated connection with a node in the VPN, and send messages one-way. In tinc 1.0.29 and earlier, this is unfortunately trivial to exploit. In tinc 1.0.30 to 1.0.34, the mitigations implemented for the Sweet32 attack also make this attack much harder, but in principle still possible. This is fixed in tinc 1.0.35. + +The second issue allows a man-in-the-middle that has intercepted the TCP connection between two nodes, to potentially force one of the nodes to start sending unencrypted UDP packets. This is also fixed in tinc 1.0.35. + +The new protocol used in tinc 1.1 is not affected by these vulnerabilities. However, since it is backwards compatible with tinc 1.0, it uses the legacy protocol when communicating with tinc 1.0 nodes. Tinc 1.1pre17 fixes the first issue, and it wasn't vulnerable to the second issue to begin with. +"""]] diff --git a/security.mdwn b/security.mdwn index aa05ea3..ce4a416 100644 --- a/security.mdwn +++ b/security.mdwn @@ -8,16 +8,40 @@ We will then try to get a CVE number assigned, and coordinate a bugfix release w The following list contains advisories for security issues in tinc in old versions: +- [CVE-2018-16758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16758): + Tinc 1.0.34 and earlier allow a [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) + that, even if the MITM cannot decrypt the traffic sent between the two + endpoints, when the MITM can correctly predict when an ephemeral key exchange + message is sent in a TCP connection between two nodes, allows the MITM to + force one node to send UDP packets in plaintext. + The tinc 1.1pre versions are not affected by this. + +- [CVE-2018-16738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16738): + Tinc versions 1.0.30 to 1.0.34 allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack), + similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32 + attack in tinc 1.0.30, it now requires a [timing attack](https://en.wikipedia.org/wiki/Timing_attack) + that has only a limited time to complete. + Tinc 1.1pre16 and earlier are also affected if there are nodes on the same + VPN that still use the legacy protocol from tinc version 1.0.x. + +- [CVE-2018-16737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16737): + Tinc 1.0.29 and earlier allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack) + that could allow a remote attacker to establish one-way communication with a + tinc node, allowing it to send fake control messages and inject packets into + the VPN. The attack takes only a few seconds to complete. + Tinc 1.1pre14 and earlier allow the same attack if they are configured to allow connections + from nodes using the legacy 1.0.x protocol. + - [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428), [DSA-2663](https://www.debian.org/security/2013/dsa-2663), [Sitsec advisory](http://sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers): stack based buffer overflow - [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755): - tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. + Tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. - [CVE-2001-1505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505): - tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. + Tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. ## Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages -- 2.20.1