[security-announce] OpenSSL: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Mar 6 07:35:03 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory	

=========================================================
Product/package: OpenSSL 1.0.1g
CVE Name: multiple CVE fixes
=========================================================
A security patch that fixes the following CVEs is now available at
http://linux.enea.com/4.0/patches:

CVE-2014-3569
CVE-2015-0204
CVE-2015-0205
CVE-2014-8275
CVE-2014-3571
CVE-2014-3570

README file: 0053-openssl-multiple-CVEs-fixes.patch
Patch file: 0053-openssl-multiple-CVEs-fixes.patch

Description
===========
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================

Severity: Low

When OpenSSL is built with the no-ssl3 option and an SSL v3 ClientHello
is received, the ssl method would be set to NULL, which could later
result in a NULL pointer dereference.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.


RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================

Severity: Low

An OpenSSL client will accept the use of an RSA temporary key in a
non-export RSA key exchange ciphersuite. A server could present a weak
temporary key and downgrade the security of the session.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.


DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================

Severity: Low

An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects
servers which trust a client certificate authority which issues
certificates containing DH keys: these are extremely rare and hardly
ever encountered.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.


Certificate fingerprints can be modified (CVE-2014-8275)
========================================================

Severity: Low

OpenSSL accepts several non-DER variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm in the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.

This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================

Severity: Moderate

A carefully crafted DTLS message can cause a segmentation fault in
OpenSSL due to a NULL pointer dereference. This could lead to a Denial
Of Service attack.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.


Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================

Severity: Low

Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:

*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

Reference
==========
https://www.openssl.org/news/secadv_20150108.txt

How to apply the patches
=======================
- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
wget http://linux.enea.com/4.0/patches/0053-openssl-multiple-CVEs-fixes.patch
patch -p1 < ./0053-openssl-multiple-CVEs-fixes.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
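
For the fingerprint issue (CVE-2014-8275) described in the advisory above, the following added example (not part of the original advisory and not OpenSSL's code) shows why a hash of the whole certificate is not a stable blacklist key, and checks for the encoding variations the advisory names: non-DER lengths, and a signature algorithm that differs between the signed and unsigned portions. The sample bytes are a constructed toy structure, the names are hypothetical, and keying on a hash of the signed portion is an assumption of this example.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Strict DER reader: returns (tag, value, end) or raises on BER-only length forms."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if n == 0 or len(raw) != n or raw[0] == 0 or int.from_bytes(raw, "big") < 0x80:
            raise ValueError("length is not minimal definite-form DER")
        length = int.from_bytes(raw, "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def check_certificate(der):
    """Return (problems, sha256 hex of tbsCertificate) for one DER-encoded certificate."""
    tag, cert, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    t_tag, tbs, p = read_tlv(cert)            # signed portion
    a_tag, outer_alg, p = read_tlv(cert, p)   # unsigned signatureAlgorithm
    s_tag, sig, p = read_tlv(cert, p)         # unsigned signatureValue (BIT STRING)
    if (t_tag, a_tag, s_tag) != (0x30, 0x30, 0x03) or p != len(cert):
        raise ValueError("unexpected Certificate layout")
    tag, _, q = read_tlv(tbs)                 # optional [0] version, else serialNumber
    if tag == 0xA0:
        _, _, q = read_tlv(tbs, q)            # serialNumber follows the version
    _, inner_alg, _ = read_tlv(tbs, q)        # signature algorithm inside the signed portion
    problems = []
    if inner_alg != outer_alg:
        problems.append("signature algorithm differs between signed and unsigned portions")
    if not sig or sig[0] != 0:
        problems.append("signature BIT STRING declares unused bits")
    return problems, hashlib.sha256(tbs).hexdigest()

def tlv(tag, value):                          # sample builder; short-form lengths only
    return bytes([tag, len(value)]) + value
# Constructed toy structure (not a real certificate): serial, algorithm, opaque body.
OID = tlv(0x06, bytes.fromhex("2a864886f70d01010b"))   # sha256WithRSAEncryption
ALG = tlv(0x30, OID + tlv(0x05, b""))                  # parameters = NULL
TBS = tlv(0x30, tlv(0x02, b"\x01") + ALG + tlv(0x04, b"constructed toy body"))
SIG = tlv(0x03, b"\x00" + b"\xaa" * 8)
GOOD = tlv(0x30, TBS + ALG + SIG)
VARIANT = tlv(0x30, TBS + tlv(0x30, OID) + SIG)        # only the unsigned part differs
```

GOOD and VARIANT hash differently as whole files, yet check_certificate returns the same signed-portion hash for both and reports the algorithm mismatch for VARIANT.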


