[security-announce] OpenSSL: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri Mar 6 07:35:03 CET 2015

Hash: SHA1

		Enea Linux Security Advisory	

Product/package: OpenSSL 1.0.1g
CVE Name: multiple CVEs fixes
A securiy patch that fixes following CVEs is now available at


README file: 0053-openssl-multiple-CVEs-fixes.patch
Patch file: 0053-openssl-multiple-CVEs-fixes.patch

no-ssl3 configuration sets method to NULL (CVE-2014-3569)

Severity: Low

When openssl is built with the no-ssl3 option and a SSL v3 ClientHello
is received the ssl method would be set to NULL which could later
result in a NULL pointer dereference.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

Severity: Low

An OpenSSL client will accept the use of an RSA temporary key in a
non-export RSA key exchange ciphersuite. A server could present a weak
temporary key and downgrade the security of the session.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

DH client certificates accepted without verification [Server]

Severity: Low

An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects
servers which trust a client certificate authority which issues
certificates containing DH keys: these are extremely rare and hardly
ever encountered.

This issue affects OpenSSL versions: 1.0.1 and 1.0.0.

Certificate fingerprints can be modified (CVE-2014-8275)

Severity: Low

OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.

This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

Severity: Moderate

A carefully crafted DTLS message can cause a segmentation fault in
OpenSSL due to a NULL pointer dereference. This could lead to a Denial
Of Service attack.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

Bignum squaring may produce incorrect results (CVE-2014-3570)

Severity: Low

Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been

*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.

This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.


How to apply the patches
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
patch -p1 < ./0053-openssl-multiple-CVEs-fixes.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
Version: GnuPG v2


More information about the security-announce mailing list