[security-announce] OpenSSL: Security update

Sona Sarmadi sona.sarmadi at enea.com
Mon Jun 15 21:13:53 CEST 2015


		Enea Linux Security Advisory

Product/package: openssl 1.0.1
CVE Names: CVE-2015-4000, CVE-2015-1788, CVE-2015-1789,
CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

This security update upgrades openssl 1.0.1m to openssl 1.0.1o.

Upgrade from 1.0.1m to 1.0.1n addresses the following vulnerabilities:

CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
CVE-2015-1788, Malformed ECParameters causes infinite loop
CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
CVE-2015-1791, Race condition handling NewSessionTicket
CVE-2015-1792, CMS verify infinite loop with unknown hash function

Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:

Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been

The patch and README files are gpg signed by ESRT (Enea Security
Response Team) for verification of origin.
To verify the integrity of the patches, download the ESRT public key from:

For detailed info refer to https://linux.enea.com/4.0/patches/README.asc

Signed patch and README files


DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-middle
attacker to downgrade vulnerable TLS connections using ephemeral
Diffie-Hellman key exchange to 512-bit export-grade cryptography. This
vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes
with DH parameters shorter than 768 bits. This limit will be increased
to 1024 bits in a future release.
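Added example (not part of the advisory or of OpenSSL): a small Python checker for the size of the prime in an OpenSSL "DH PARAMETERS" PEM file, so a server operator can confirm the group they serve is well above the 768-bit client cutoff described above. The DER parser is hand-written, and make_demo_pem() constructs a non-prime placeholder modulus only to exercise it; point dh_prime_bits() at a real dhparam file in practice.

```python
import base64
import re

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in a PEM 'DH PARAMETERS' block (PKCS#3: SEQUENCE { p, g })."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    p_tag, p_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x30 or p_tag != 0x02:
        raise ValueError("not a PKCS#3 SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_bytes, "big").bit_length()   # DER's leading 0x00 pad drops out

def assess(bits):
    """Outcome for a group of this size under the patched client behaviour described above."""
    if bits < 768:
        return "rejected by patched OpenSSL clients"
    if bits < 1024:
        return "accepted now, rejected once the limit moves to 1024 bits"
    return "ok"

def _der_len(n):
    if n < 0x80:                           # minimal DER length: short form below 128
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc  # long form: 0x8N then N length octets

def make_demo_pem(bits):
    """Constructed test vector (bits multiple of 8): p = 2^(bits-1)+1 (NOT prime, parser exercise only), g = 2."""
    p_bytes = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # 0x00 keeps INTEGER positive
    body = b"\x02" + _der_len(len(p_bytes)) + p_bytes + b"\x02\x01\x02"
    der = b"\x30" + _der_len(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{lines}\n-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for size in (512, 768, 2048):          # for a real file: dh_prime_bits(open(path).read())
        print(f"{size}-bit group: {assess(dh_prime_bits(make_demo_pem(size)))}")
```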

Malformed ECParameters causes infinite loop (CVE-2015-1788)
Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite
loop if the curve specified is over a specially malformed binary
polynomial field.

This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates.  This includes TLS clients and TLS servers with
client authentication enabled.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.

An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite
loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which
verifies signedData messages using the CMS code.

Race condition handling NewSessionTicket (CVE-2015-1791)
Severity: Low

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

Invalid free in DTLS (CVE-2014-8176)
Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It
existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec
and Finished messages, buffering of such data may cause an invalid
free, resulting in a segmentation fault or potentially, memory


How to apply the patches
 - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches>

 - Fetch and apply the new patch
patch -p1 <

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475

