The branch master has been updated via fda590f8c6af8c40f522e3f62a67b6b5f39f5dde (commit) from 76e25ea3709538ce2b534e6bde4f897942146e93 (commit)
- Log ----------------------------------------------------------------- commit fda590f8c6af8c40f522e3f62a67b6b5f39f5dde Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 15:29:34 2015 +0000 Add release and vulnerabilities information to website for release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 5 ++ news/secadv/20151203.txt | 123 +++++++++++++++++++++++++++ news/vulnerabilities.xml | 214 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 341 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20151203.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 44b973c..cf51a94 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,11 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +03-Dec-2015: <a href="/news/secadv/20151203.txt">Security Advisory</a>: four security fixes +03-Dec-2015: OpenSSL 1.0.2e is now available, including bug and security fixes +03-Dec-2015: OpenSSL 1.0.1q is now available, including bug and security fixes +03-Dec-2015: OpenSSL 1.0.0t is now available, including bug and security fixes +03-Dec-2015: OpenSSL 0.9.8zh is now available, including bug and security fixes 09-Jul-2015: <a href="/news/secadv/20150709.txt">Security Advisory</a>: one security fix 09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes 09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes diff --git a/news/secadv/20151203.txt b/news/secadv/20151203.txt new file mode 100644 index 0000000..44051a2 --- /dev/null +++ b/news/secadv/20151203.txt 
@@ -0,0 +1,123 @@ +OpenSSL Security Advisory [3 Dec 2015] +======================================= + +NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE +0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS +PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. + +BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) +================================================================== + +Severity: Moderate + +There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No +EC algorithms are affected. Analysis suggests that attacks against RSA and DSA +as a result of this defect would be very difficult to perform and are not +believed likely. Attacks against DH are considered just feasible (although very +difficult) because most of the work necessary to deduce information +about a private key may be performed offline. The amount of resources +required for such an attack would be very significant and likely only +accessible to a limited number of attackers. An attacker would +additionally need online access to an unpatched system using the target +private key in a scenario with persistent DH parameters and a private +key that is shared between multiple clients. For example this can occur by +default in OpenSSL DHE based SSL/TLS ciphersuites. + +This issue affects OpenSSL version 1.0.2. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e + +This issue was reported to OpenSSL on August 13 2015 by Hanno +Böck. The fix was developed by Andy Polyakov of the OpenSSL +development team. + +Certificate verify crash with missing PSS parameter (CVE-2015-3194) +=================================================================== + +Severity: Moderate + +The signature verification routines will crash with a NULL pointer dereference +if presented with an ASN.1 signature using the RSA PSS algorithm and absent +mask generation function parameter. 
Since these routines are used to verify +certificate signature algorithms this can be used to crash any certificate +verification operation and exploited in a DoS attack. Any application which +performs certificate verification is vulnerable including OpenSSL clients and +servers which enable client authentication. + +This issue affects OpenSSL versions 1.0.2 and 1.0.1. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e +OpenSSL 1.0.1 users should upgrade to 1.0.1q + +This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne +(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL +development team. + +X509_ATTRIBUTE memory leak (CVE-2015-3195) +========================================== + +Severity: Moderate + +When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak +memory. This structure is used by the PKCS#7 and CMS routines so any +application which reads PKCS#7 or CMS data from untrusted sources is affected. +SSL/TLS is not affected. + +This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e +OpenSSL 1.0.1 users should upgrade to 1.0.1q +OpenSSL 1.0.0 users should upgrade to 1.0.0t +OpenSSL 0.9.8 users should upgrade to 0.9.8zh + +This issue was reported to OpenSSL on November 9 2015 by Adam Langley +(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen +Henson of the OpenSSL development team. + +Race condition handling PSK identify hint (CVE-2015-3196) +========================================================= + +Severity: Low + +If PSK identity hints are received by a multi-threaded client then +the values are wrongly updated in the parent SSL_CTX structure. This can +result in a race condition potentially leading to a double free of the +identify hint data. + +This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously +listed in an OpenSSL security advisory. 
This issue also affects OpenSSL 1.0.0 +and has not been previously fixed in an OpenSSL 1.0.0 release. + +OpenSSL 1.0.2 users should upgrade to 1.0.2d +OpenSSL 1.0.1 users should upgrade to 1.0.1p +OpenSSL 1.0.0 users should upgrade to 1.0.0t + +The fix for this issue can be identified in the OpenSSL git repository by commit +ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). + +The fix was developed by Dr. Stephen Henson of the OpenSSL development team. + +Note +==== + +As per our previous announcements and our Release Strategy +(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions +1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these +versions will be provided after that date. In the absence of significant +security issues being identified prior to that date, the 1.0.0t and 0.9.8zh +releases will be the last for those versions. Users of these versions are +advised to upgrade. + + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20151203.txt + +Note: the online version of the advisory may be updated with additional +details over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/about/secpolicy.html + diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 8dbb358..b2629d7 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -5,7 +5,219 @@ 1.0.0 on 20100329 --> -<security updated="20150709"> +<security updated="20151203"> + <issue public="20151203"> + <cve name="2015-3193"/> + <affects base="1.0.2" version="1.0.2"/> + <affects base="1.0.2" version="1.0.2a"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <affects base="1.0.2" version="1.0.2d"/> + <fixed base="1.0.2" version="1.0.2e" date="20151203"/> + + <description> + There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No + EC algorithms are affected. Analysis suggests that attacks against RSA and DSA + as a result of this defect would be very difficult to perform and are not + believed likely. Attacks against DH are considered just feasible (although very + difficult) because most of the work necessary to deduce information + about a private key may be performed offline. The amount of resources + required for such an attack would be very significant and likely only + accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. 
+ </description> + <advisory url="/news/secadv/20151203.txt"/> + <reported source="Hanno Böck"/> + </issue> + <issue public="20151203"> + <cve name="2015-3194"/> + <affects base="1.0.1" version="1.0.1"/> + <affects base="1.0.1" version="1.0.1a"/> + <affects base="1.0.1" version="1.0.1b"/> + <affects base="1.0.1" version="1.0.1c"/> + <affects base="1.0.1" version="1.0.1d"/> + <affects base="1.0.1" version="1.0.1e"/> + <affects base="1.0.1" version="1.0.1f"/> + <affects base="1.0.1" version="1.0.1g"/> + <affects base="1.0.1" version="1.0.1h"/> + <affects base="1.0.1" version="1.0.1i"/> + <affects base="1.0.1" version="1.0.1j"/> + <affects base="1.0.1" version="1.0.1k"/> + <affects base="1.0.1" version="1.0.1l"/> + <affects base="1.0.1" version="1.0.1m"/> + <affects base="1.0.1" version="1.0.1n"/> + <affects base="1.0.1" version="1.0.1o"/> + <affects base="1.0.1" version="1.0.1p"/> + <affects base="1.0.2" version="1.0.2"/> + <affects base="1.0.2" version="1.0.2a"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <affects base="1.0.2" version="1.0.2d"/> + <fixed base="1.0.2" version="1.0.2e" date="20151203"/> + <fixed base="1.0.1" version="1.0.1q" date="20151203"/> + + <description> + The signature verification routines will crash with a NULL pointer dereference + if presented with an ASN.1 signature using the RSA PSS algorithm and absent + mask generation function parameter. Since these routines are used to verify + certificate signature algorithms this can be used to crash any certificate + verification operation and exploited in a DoS attack. Any application which + performs certificate verification is vulnerable including OpenSSL clients and + servers which enable client authentication. 
+ </description> + <advisory url="/news/secadv/20151203.txt"/> + <reported source="Loïc Jonas Etienne (Qnective AG)"/> + </issue> + <issue public="20151203"> + <cve name="2015-3195"/> + <affects base="0.9.8" version="0.9.8"/> + <affects base="0.9.8" version="0.9.8a"/> + <affects base="0.9.8" version="0.9.8b"/> + <affects base="0.9.8" version="0.9.8c"/> + <affects base="0.9.8" version="0.9.8d"/> + <affects base="0.9.8" version="0.9.8e"/> + <affects base="0.9.8" version="0.9.8f"/> + <affects base="0.9.8" version="0.9.8g"/> + <affects base="0.9.8" version="0.9.8h"/> + <affects base="0.9.8" version="0.9.8i"/> + <affects base="0.9.8" version="0.9.8j"/> + <affects base="0.9.8" version="0.9.8k"/> + <affects base="0.9.8" version="0.9.8l"/> + <affects base="0.9.8" version="0.9.8m"/> + <affects base="0.9.8" version="0.9.8n"/> + <affects base="0.9.8" version="0.9.8o"/> + <affects base="0.9.8" version="0.9.8p"/> + <affects base="0.9.8" version="0.9.8q"/> + <affects base="0.9.8" version="0.9.8r"/> + <affects base="0.9.8" version="0.9.8s"/> + <affects base="0.9.8" version="0.9.8t"/> + <affects base="0.9.8" version="0.9.8u"/> + <affects base="0.9.8" version="0.9.8v"/> + <affects base="0.9.8" version="0.9.8w"/> + <affects base="0.9.8" version="0.9.8x"/> + <affects base="0.9.8" version="0.9.8y"/> + <affects base="0.9.8" version="0.9.8za"/> + <affects base="0.9.8" version="0.9.8zb"/> + <affects base="0.9.8" version="0.9.8zc"/> + <affects base="0.9.8" version="0.9.8zd"/> + <affects base="0.9.8" version="0.9.8ze"/> + <affects base="0.9.8" version="0.9.8zf"/> + <affects base="0.9.8" version="0.9.8zg"/> + <affects base="1.0.0" version="1.0.0"/> + <affects base="1.0.0" version="1.0.0a"/> + <affects base="1.0.0" version="1.0.0b"/> + <affects base="1.0.0" version="1.0.0c"/> + <affects base="1.0.0" version="1.0.0d"/> + <affects base="1.0.0" version="1.0.0e"/> + <affects base="1.0.0" version="1.0.0f"/> + <affects base="1.0.0" version="1.0.0g"/> + <affects base="1.0.0" version="1.0.0h"/> + 
<affects base="1.0.0" version="1.0.0i"/> + <affects base="1.0.0" version="1.0.0j"/> + <affects base="1.0.0" version="1.0.0k"/> + <affects base="1.0.0" version="1.0.0l"/> + <affects base="1.0.0" version="1.0.0m"/> + <affects base="1.0.0" version="1.0.0n"/> + <affects base="1.0.0" version="1.0.0o"/> + <affects base="1.0.0" version="1.0.0p"/> + <affects base="1.0.0" version="1.0.0q"/> + <affects base="1.0.0" version="1.0.0r"/> + <affects base="1.0.0" version="1.0.0s"/> + <affects base="1.0.1" version="1.0.1"/> + <affects base="1.0.1" version="1.0.1a"/> + <affects base="1.0.1" version="1.0.1b"/> + <affects base="1.0.1" version="1.0.1c"/> + <affects base="1.0.1" version="1.0.1d"/> + <affects base="1.0.1" version="1.0.1e"/> + <affects base="1.0.1" version="1.0.1f"/> + <affects base="1.0.1" version="1.0.1g"/> + <affects base="1.0.1" version="1.0.1h"/> + <affects base="1.0.1" version="1.0.1i"/> + <affects base="1.0.1" version="1.0.1j"/> + <affects base="1.0.1" version="1.0.1k"/> + <affects base="1.0.1" version="1.0.1l"/> + <affects base="1.0.1" version="1.0.1m"/> + <affects base="1.0.1" version="1.0.1n"/> + <affects base="1.0.1" version="1.0.1o"/> + <affects base="1.0.1" version="1.0.1p"/> + <affects base="1.0.2" version="1.0.2"/> + <affects base="1.0.2" version="1.0.2a"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <affects base="1.0.2" version="1.0.2d"/> + <fixed base="1.0.2" version="1.0.2e" date="20151203"/> + <fixed base="1.0.1" version="1.0.1q" date="20151203"/> + <fixed base="1.0.0" version="1.0.0t" date="20151203"/> + <fixed base="0.9.8" version="0.9.8zh" date="20151203"/> + + <description> + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is affected. + SSL/TLS is not affected. 
+ </description> + <advisory url="/news/secadv/20151203.txt"/> + <reported source="Adam Langley (Google/BoringSSL) using libFuzzer"/> + </issue> + <issue public="20151203"> + <cve name="2015-3196"/> + <affects base="1.0.0" version="1.0.0"/> + <affects base="1.0.0" version="1.0.0a"/> + <affects base="1.0.0" version="1.0.0b"/> + <affects base="1.0.0" version="1.0.0c"/> + <affects base="1.0.0" version="1.0.0d"/> + <affects base="1.0.0" version="1.0.0e"/> + <affects base="1.0.0" version="1.0.0f"/> + <affects base="1.0.0" version="1.0.0g"/> + <affects base="1.0.0" version="1.0.0h"/> + <affects base="1.0.0" version="1.0.0i"/> + <affects base="1.0.0" version="1.0.0j"/> + <affects base="1.0.0" version="1.0.0k"/> + <affects base="1.0.0" version="1.0.0l"/> + <affects base="1.0.0" version="1.0.0m"/> + <affects base="1.0.0" version="1.0.0n"/> + <affects base="1.0.0" version="1.0.0o"/> + <affects base="1.0.0" version="1.0.0p"/> + <affects base="1.0.0" version="1.0.0q"/> + <affects base="1.0.0" version="1.0.0r"/> + <affects base="1.0.0" version="1.0.0s"/> + <affects base="1.0.1" version="1.0.1"/> + <affects base="1.0.1" version="1.0.1a"/> + <affects base="1.0.1" version="1.0.1b"/> + <affects base="1.0.1" version="1.0.1c"/> + <affects base="1.0.1" version="1.0.1d"/> + <affects base="1.0.1" version="1.0.1e"/> + <affects base="1.0.1" version="1.0.1f"/> + <affects base="1.0.1" version="1.0.1g"/> + <affects base="1.0.1" version="1.0.1h"/> + <affects base="1.0.1" version="1.0.1i"/> + <affects base="1.0.1" version="1.0.1j"/> + <affects base="1.0.1" version="1.0.1k"/> + <affects base="1.0.1" version="1.0.1l"/> + <affects base="1.0.1" version="1.0.1m"/> + <affects base="1.0.1" version="1.0.1n"/> + <affects base="1.0.1" version="1.0.1o"/> + <affects base="1.0.2" version="1.0.2"/> + <affects base="1.0.2" version="1.0.2a"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <fixed base="1.0.2" version="1.0.2d" date="20150709"/> + <fixed base="1.0.1" 
version="1.0.1p" date="20150709"/> + <fixed base="1.0.0" version="1.0.0t" date="20151203"/> + + <description> + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + </description> + <advisory url="/news/secadv/20151203.txt"/> + <reported source="Stephen Henson (OpenSSL)"/> + </issue> + <issue public="20150709"> <cve name="2015-1793"/> <affects base="1.0.1" version="1.0.1n"/> _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
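Review bot: In news/secadv/20151203.txt, the CVE-2015-3196 section is the only one of the four without a "This issue affects OpenSSL versions ..." line, so readers have to infer the affected branches from the upgrade list. Suggest adding one naming 1.0.2, 1.0.1 and 1.0.0, in the same form as the other three sections. In the same section the heading and the last sentence of the first paragraph say "identify hint" where the body says "PSK identity hints"; both should read "identity hint". The CVE-2015-3195 line "versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8" would also read better as a plain comma-separated list.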
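Review bot: In news/vulnerabilities.xml, the CVE-2015-3196 issue sets reported source="Stephen Henson (OpenSSL)", but the advisory text added in this same commit names no reporter for that issue and only credits Henson with developing the fix. Please confirm the reporter attribution is intended, or align the advisory text with it. The description element for this issue also carries over "identify hint data" from the advisory and should read "identity hint data".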