[ntp:security] Fwd: [openssl-announce] OpenSSL Security Advisory

Brad Knowles brad at shub-internet.org
Thu Dec 3 18:48:55 UTC 2015
> Begin forwarded message:
> 
> From: OpenSSL <openssl at openssl.org>
> Subject: [openssl-announce] OpenSSL Security Advisory
> Date: December 3, 2015 at 9:57:34 AM CST
> To: OpenSSL Developer ML <openssl-dev at openssl.org>, OpenSSL User Support ML <openssl-users at openssl.org>, OpenSSL Announce ML <openssl-announce at openssl.org>
> Reply-To: openssl-users at openssl.org, openssl at openssl.org
> 
> Signed PGP part
> OpenSSL Security Advisory [3 Dec 2015]
> =======================================
> 
> NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
> 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
> PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
> 
> BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
> ==================================================================
> 
> Severity: Moderate
> 
> There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
> EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
> as a result of this defect would be very difficult to perform and are not
> believed likely. Attacks against DH are considered just feasible (although very
> difficult) because most of the work necessary to deduce information
> about a private key may be performed offline. The amount of resources
> required for such an attack would be very significant and likely only
> accessible to a limited number of attackers. An attacker would
> additionally need online access to an unpatched system using the target
> private key in a scenario with persistent DH parameters and a private
> key that is shared between multiple clients. For example this can occur by
> default in OpenSSL DHE based SSL/TLS ciphersuites.
> 
> This issue affects OpenSSL version 1.0.2.
> 
> OpenSSL 1.0.2 users should upgrade to 1.0.2e
> 
> This issue was reported to OpenSSL on August 13 2015 by Hanno
> Böck. The fix was developed by Andy Polyakov of the OpenSSL
> development team.
> 
> Certificate verify crash with missing PSS parameter (CVE-2015-3194)
> ===================================================================
> 
> Severity: Moderate
> 
> The signature verification routines will crash with a NULL pointer dereference
> if presented with an ASN.1 signature using the RSA PSS algorithm and absent
> mask generation function parameter. Since these routines are used to verify
> certificate signature algorithms this can be used to crash any certificate
> verification operation and exploited in a DoS attack. Any application which
> performs certificate verification is vulnerable including OpenSSL clients and
> servers which enable client authentication.
> 
> This issue affects OpenSSL versions 1.0.2 and 1.0.1.
> 
> OpenSSL 1.0.2 users should upgrade to 1.0.2e
> OpenSSL 1.0.1 users should upgrade to 1.0.1q
> 
> This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
> (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
> development team.
> 
> X509_ATTRIBUTE memory leak (CVE-2015-3195)
> ==========================================
> 
> Severity: Moderate
> 
> When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
> memory. This structure is used by the PKCS#7 and CMS routines so any
> application which reads PKCS#7 or CMS data from untrusted sources is affected.
> SSL/TLS is not affected.
> 
> This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
> 
> OpenSSL 1.0.2 users should upgrade to 1.0.2e
> OpenSSL 1.0.1 users should upgrade to 1.0.1q
> OpenSSL 1.0.0 users should upgrade to 1.0.0t
> OpenSSL 0.9.8 users should upgrade to 0.9.8zh
> 
> This issue was reported to OpenSSL on November 9 2015 by Adam Langley
> (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
> Henson of the OpenSSL development team.
> 
> Race condition handling PSK identity hint (CVE-2015-3196)
> =========================================================
> 
> Severity: Low
> 
> If PSK identity hints are received by a multi-threaded client then
> the values are wrongly updated in the parent SSL_CTX structure. This can
> result in a race condition potentially leading to a double free of the
> identity hint data.
> 
> This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
> listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
> and has not been previously fixed in an OpenSSL 1.0.0 release.
> 
> OpenSSL 1.0.2 users should upgrade to 1.0.2d
> OpenSSL 1.0.1 users should upgrade to 1.0.1p
> OpenSSL 1.0.0 users should upgrade to 1.0.0t
> 
> The fix for this issue can be identified in the OpenSSL git repository by commit
> ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).
> 
> The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
> 
> Note
> ====
> 
> As per our previous announcements and our Release Strategy
> (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
> 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
> versions will be provided after that date. In the absence of significant
> security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
> releases will be the last for those versions. Users of these versions are
> advised to upgrade.
> 
> 
> References
> ==========
> 
> URL for this Security Advisory:
> https://www.openssl.org/news/secadv/20151203.txt
> 
> Note: the online version of the advisory may be updated with additional
> details over time.
> 
> For details of OpenSSL severity classifications please see:
> https://www.openssl.org/about/secpolicy.html
> 

--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
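As an added example (not part of the forwarded advisory or of OpenSSL's own code), a small Python check that maps the advisory's fixed-version table onto the output of `openssl version` and lists which of the four CVEs a deployed 1.x build still lacks a fix for. The table is copied from the advisory above; the comparison of patch letters follows OpenSSL's 1.x numbering (a..z, then za, zb, ...), and the sample version strings are constructed.

```python
import re

# Fixed versions per the OpenSSL advisory of 3 Dec 2015. A branch that is
# absent from a CVE's map is not affected by that CVE (e.g. CVE-2015-3193
# affects 1.0.2 only; CVE-2015-3196 was already fixed in 1.0.2d / 1.0.1p).
FIXED_IN = {
    "CVE-2015-3193": {"1.0.2": "1.0.2e"},
    "CVE-2015-3194": {"1.0.2": "1.0.2e", "1.0.1": "1.0.1q"},
    "CVE-2015-3195": {"1.0.2": "1.0.2e", "1.0.1": "1.0.1q",
                      "1.0.0": "1.0.0t", "0.9.8": "0.9.8zh"},
    "CVE-2015-3196": {"1.0.2": "1.0.2d", "1.0.1": "1.0.1p", "1.0.0": "1.0.0t"},
}

_VER_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Parse an OpenSSL 1.x-style version ("1.0.2d", or the full output of
    `openssl version` such as "OpenSSL 1.0.2d 9 Jul 2015") into
    (branch, patch_letters). Returns None if no version is found."""
    m = _VER_RE.search(text)
    if not m:
        return None
    branch = ".".join(m.group(1, 2, 3))
    return branch, m.group(4)


def _letter_key(letters):
    # Patch letters run a..z and then za, zb, ... so a longer suffix is
    # always newer; within one length plain string order applies.
    return (len(letters), letters)


def unfixed_cves(text, table=FIXED_IN):
    """Return the sorted CVE ids from the advisory for which `text` (a
    version string) is older than the fixed release. A branch the advisory
    does not list (e.g. 1.1.0) yields an empty list."""
    parsed = parse_version(text)
    if parsed is None:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    branch, letters = parsed
    result = []
    for cve, fixes in table.items():
        fixed = fixes.get(branch)
        if fixed is None:
            continue  # this CVE does not affect that branch
        _, fixed_letters = parse_version(fixed)
        if _letter_key(letters) < _letter_key(fixed_letters):
            result.append(cve)
    return sorted(result)
```

Feed it `subprocess.check_output(["openssl", "version"]).decode()` on each host to turn the advisory into an inventory check; note that distribution packages often backport fixes without changing the version letter, so a non-empty result is a prompt to check the package changelog rather than proof of exposure.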
