[security-announce] OpenSSL: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Jun 15 21:13:53 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

		Enea Linux Security Advisory

=========================================================
Product/package: openssl 1.0.1
CVE Names: CVE-2015-4000, CVE-2015-1788, CVE-2015-1789,
CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
=========================================================
This security update upgrades openssl 1.0.1m to openssl 1.0.1o.

The upgrade from 1.0.1m to 1.0.1n addresses the following vulnerabilities:

CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
CVE-2015-1788, Malformed ECParameters causes infinite loop
CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
CVE-2015-1791, Race condition handling NewSessionTicket
CVE-2015-1792, CMS verify infinite loop with unknown hash function

Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:

Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.

The patch and README files are gpg signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of the patches, download the ESRT public key from:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x773EF6EF68716A14

For detailed info refer to https://linux.enea.com/4.0/patches/README.asc

Signed patch and README files
================================
0081-openssl-Upgrade-to-1.0.1o-to-address-some-CVEs.README.asc
0081-openssl-Upgrade-to-1.0.1o-to-address-some-CVEs.patch.asc

Descriptions
============

DHE man-in-the-middle protection (Logjam)
====================================================================
A vulnerability in the TLS protocol allows a man-in-the-middle
attacker to downgrade vulnerable TLS connections using ephemeral
Diffie-Hellman key exchange to 512-bit export-grade cryptography. This
vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes
with DH parameters shorter than 768 bits. This limit will be increased
to 1024 bits in a future release.


Malformed ECParameters causes infinite loop (CVE-2015-1788)
===========================================================
Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite
loop if the curve specified is over a specially malformed binary
polynomial field.

This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates.  This includes TLS clients and TLS servers with
client authentication enabled.


Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
===============================================================
Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.

An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.


PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
=========================================================
Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.


CMS verify infinite loop with unknown hash function (CVE-2015-1792)
===================================================================
Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite
loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which
verifies signedData messages using the CMS code.


Race condition handling NewSessionTicket (CVE-2015-1791)
========================================================
Severity: Low

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.


Invalid free in DTLS (CVE-2014-8176)
====================================
Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It
existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec
and Finished messages, buffering of such data may cause an invalid
free, resulting in a segmentation fault or, potentially, memory
corruption.

References:
http://openssl.org/news/secadv_20150611.txt
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES

How to apply the patches
=======================
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

 - Fetch and apply the new patch
wget https://linux.enea.com/4.0/patches/0081-openssl-Upgrade-to-1.0.1o-to-address-some-CVEs.patch.asc
patch -p1 < ./0081-openssl-Upgrade-to-1.0.1o-to-address-some-CVEs.patch.asc
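
One way to check the ESRT signature before running patch, as an added example that is not part of the original advisory. It assumes GnuPG is installed and the ESRT key has already been imported from the keyserver URL above; the function names and the output file name are hypothetical.

```shell
#!/bin/sh
# Added example: verify the ESRT signature before the patch is applied.
ESRT_KEYID=773EF6EF68716A14   # long key ID taken from the advisory's keyserver URL
PATCH_ASC=0081-openssl-Upgrade-to-1.0.1o-to-address-some-CVEs.patch.asc

# Reads gpg --status-fd output on stdin. Succeeds only if there is a GOODSIG
# line (key not expired or revoked) and a VALIDSIG line whose signing-key or
# primary-key fingerprint ends in the expected long key ID ($1).
signed_by_expected_key() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            sig = toupper($3); prim = toupper($NF)
            if (substr(sig, length(sig) - 15) == want ||
                substr(prim, length(prim) - 15) == want) ok = 1
        }
        END { exit (ok && good) ? 0 : 1 }'
}

# Verify the signed file $1 and write only the signed content to $2.
# $2 is created only when the signature is good and made by the ESRT key,
# so text outside the signed region never reaches patch.
verify_and_extract() {
    tmp=$(mktemp) || return 1
    if gpg --batch --yes --status-fd 1 --output "$tmp" --decrypt "$1" 2>/dev/null |
            signed_by_expected_key "$ESRT_KEYID"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        echo "signature check failed: $1" >&2
        return 1
    fi
}

# Usage, from Enea-Linux-4.0/poky/ after fetching the .asc file:
#   verify_and_extract "$PATCH_ASC" openssl-1.0.1o.patch &&
#       patch -p1 < openssl-1.0.1o.patch
```

The long key ID only selects the key; confirm the full fingerprint of the imported key through a separate channel before trusting it.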

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----


