Hello community, here is the log from the commit of package openssl for openSUSE:12.1:Update:Test checked in at 2012-02-02 10:37:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old) and /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-01-11 18:27:42.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes 2012-02-02 10:37:36.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Feb 2 07:14:05 UTC 2012 - [email protected] + +- fix security bug [bnc#742821] - DTLS DoS Attack + CVE-2012-0050 + +------------------------------------------------------------------- New: ---- CVE-2012-0050.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.VtZd7Y/_old 2012-02-02 10:37:36.000000000 +0100 +++ /var/tmp/diff_new_pack.VtZd7Y/_new 2012-02-02 10:37:36.000000000 +0100 @@ -31,7 +31,6 @@ Obsoletes: openssl-64bit %endif # -#Version: 1.0.0 Version: 1.0.0e Release: 1 Summary: Secure Sockets and Transport Layer Security @@ -56,6 +55,7 @@ Patch23: CVE-2011-4577.patch Patch24: CVE-2011-4619.patch Patch25: CVE-2012-0027.patch +Patch26: CVE-2012-0050.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -198,6 +198,7 @@ %patch23 -p1 %patch24 -p1 %patch25 -p1 +%patch26 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags ++++++ CVE-2012-0050.patch ++++++ Index: openssl-1.0.0e/ssl/d1_pkt.c =================================================================== --- openssl-1.0.0e.orig/ssl/d1_pkt.c +++ openssl-1.0.0e/ssl/d1_pkt.c @@ -376,6 +376,7 @@ dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); @@ -447,19 +448,15 @@ printf("\n"); #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif + rr->length -= mac_size; + mac = &rr->data[rr->length]; } - rr->length-=mac_size; + else + rr->length = 0; i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { decryption_failed_or_bad_record_mac = 1; } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
