The branch master has been updated via b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit) via 8af698d4de2c19b45f702d03560c8045fc1bbec5 (commit) from ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit)
- Log ----------------------------------------------------------------- commit b142b6fc2b1787bac79b0823c7a1cc37c301c68c Author: Matt Caswell <m...@openssl.org> Date: Tue Mar 27 14:25:09 2018 +0100 Publish security advisory commit 8af698d4de2c19b45f702d03560c8045fc1bbec5 Author: Matt Caswell <m...@openssl.org> Date: Tue Mar 27 14:10:47 2018 +0100 Update news for new release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 2 ++ news/secadv/20180327.txt | 82 ++++++++++++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 73 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 news/secadv/20180327.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 572c8db..f7fd9a1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes +27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes 20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o <a href="https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html">security release due on 27th March 2018</a> 20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it 01-Mar-2018: New Blog post: <a href="https://www.openssl.org/blog/blog/2018/03/01/last-license/">Seeking Last Group of Contributors</a> diff --git a/news/secadv/20180327.txt b/news/secadv/20180327.txt new file mode 100644 index 0000000..bddf0a6 --- /dev/null +++ b/news/secadv/20180327.txt 
@@ -0,0 +1,82 @@ + +OpenSSL Security Advisory [27 Mar 2018] +======================================== + +Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) +========================================================================================== + +Severity: Moderate + +Constructed ASN.1 types with a recursive definition (such as can be found in +PKCS7) could eventually exceed the stack given malicious input with +excessive recursion. This could result in a Denial Of Service attack. There are +no such structures used within SSL/TLS that come from untrusted sources so this +is considered safe. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h +OpenSSL 1.0.2 users should upgrade to 1.0.2o + +This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. +The fix was developed by Matt Caswell of the OpenSSL development team. + +Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) +======================================================== + +Severity: Moderate + +Because of an implementation bug the PA-RISC CRYPTO_memcmp function is +effectively reduced to only comparing the least significant bit of each byte. +This allows an attacker to forge messages that would be considered as +authenticated in an amount of tries lower than that guaranteed by the security +claims of the scheme. The module can only be compiled by the HP-UX assembler, so +that only HP-UX PA-RISC targets are affected. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h + +This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM). +The fix was developed by Andy Polyakov of the OpenSSL development team. + +rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) +========================================================= + +Severity: Low + +This issue has been reported in a previous OpenSSL security advisory and a fix +was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at +that time for OpenSSL 1.1.0. 
The fix is now available in OpenSSL 1.1.0h. + +There is an overflow bug in the AVX2 Montgomery multiplication procedure +used in exponentiation with 1024-bit moduli. No EC algorithms are affected. +Analysis suggests that attacks against RSA and DSA as a result of this defect +would be very difficult to perform and are not believed likely. Attacks +against DH1024 are considered just feasible, because most of the work +necessary to deduce information about a private key may be performed offline. +The amount of resources required for such an attack would be significant. +However, for an attack on TLS to be meaningful, the server would have to share +the DH1024 private key among multiple clients, which is no longer an option +since CVE-2016-0701. + +This only affects processors that support the AVX2 but not ADX extensions +like Intel Haswell (4th generation). + +Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 +and CVE-2015-3193. + +OpenSSL 1.1.0 users should upgrade to 1.1.0h +OpenSSL 1.0.2 users should upgrade to 1.0.2n + +This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin +(Google). The issue was originally found via the OSS-Fuzz project. The fix was +developed by Andy Polyakov of the OpenSSL development team. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20180327.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 026afc0..b565e18 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -7,7 +7,76 @@ <!-- The updated attribute should be the same as the first public issue, unless an old entry was updated. --> -<security updated="20171102"> +<security updated="20180327"> + <issue public="20180327"> + <impact severity="Moderate"/> + <cve name="2018-0739"/> + <affects base="1.1.0" version="1.1.0"/> + <affects base="1.1.0" version="1.1.0a"/> + <affects base="1.1.0" version="1.1.0b"/> + <affects base="1.1.0" version="1.1.0c"/> + <affects base="1.1.0" version="1.1.0d"/> + <affects base="1.1.0" version="1.1.0e"/> + <affects base="1.1.0" version="1.1.0f"/> + <affects base="1.1.0" version="1.1.0g"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <affects base="1.0.2" version="1.0.2d"/> + <affects base="1.0.2" version="1.0.2e"/> + <affects base="1.0.2" version="1.0.2f"/> + <affects base="1.0.2" version="1.0.2g"/> + <affects base="1.0.2" version="1.0.2h"/> + <affects base="1.0.2" version="1.0.2i"/> + <affects base="1.0.2" version="1.0.2j"/> + <affects base="1.0.2" version="1.0.2k"/> + <affects base="1.0.2" version="1.0.2l"/> + <affects base="1.0.2" version="1.0.2m"/> + <affects base="1.0.2" version="1.0.2n"/> + <fixed base="1.1.0" version="1.1.0h" date="20180327"> + <git hash="2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"/> + </fixed> + <fixed base="1.0.2" version="1.0.2o" date="20180327"> + <git hash="9310d45087ae546e27e61ddf8f6367f29848220d"/> + </fixed> + <problemtype>Stack overflow</problemtype> + <title>Constructed ASN.1 types with a recursive definition could exceed the stack</title> + <description> + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. + There are no such structures used within SSL/TLS that come from untrusted + sources so this is considered safe. 
+ </description> + <advisory url="/news/secadv/20180327.txt"/> + <reported source="OSS-fuzz"/> + </issue> + <issue public="20180327"> + <impact severity="Moderate"/> + <cve name="2018-0733"/> + <affects base="1.1.0" version="1.1.0"/> + <affects base="1.1.0" version="1.1.0a"/> + <affects base="1.1.0" version="1.1.0b"/> + <affects base="1.1.0" version="1.1.0c"/> + <affects base="1.1.0" version="1.1.0d"/> + <affects base="1.1.0" version="1.1.0e"/> + <affects base="1.1.0" version="1.1.0f"/> + <affects base="1.1.0" version="1.1.0g"/> + <fixed base="1.1.0" version="1.1.0h" date="20180327"> + <git hash="56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"/> + </fixed> + <problemtype>Message forgery</problemtype> + <title>Incorrect CRYPTO_memcmp on HP-UX PA-RISC</title> + <description> + Because of an implementation bug the PA-RISC CRYPTO_memcmp function is + effectively reduced to only comparing the least significant bit of each + byte. This allows an attacker to forge messages that would be considered + as authenticated in an amount of tries lower than that guaranteed by the + security claims of the scheme. The module can only be compiled by the + HP-UX assembler, so that only HP-UX PA-RISC targets are affected. + </description> + <advisory url="/news/secadv/20180327.txt"/> + <reported source="Peter Waltenberg (IBM)"/> + </issue> <issue public="20171207"> <impact severity="Moderate"/> <cve name="2017-3737"/> @@ -76,7 +145,7 @@ <fixed base="1.0.2" version="1.0.2n" date="20171207"> <git hash="ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76"/> </fixed> - <fixed base="1.1.0" version="1.1.0h-dev" date="20171207"> + <fixed base="1.1.0" version="1.1.0h" date="20180327"> <git hash="e502cc86df9dafded1694fceb3228ee34d11c11a"/> </fixed> <problemtype>carry-propagating bug</problemtype> _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
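Review bot: in the news/newsflash.txt hunk, the two new 27-Mar-2018 items carry no link, while the neighbouring entries link to the announcement and the blog post; since this same commit adds news/secadv/20180327.txt, consider linking each item to the advisory, e.g. `27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and <a href="/news/secadv/20180327.txt">security fixes</a>` (the file's header comment requires absolute URL paths, which `/news/secadv/20180327.txt` satisfies).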
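Review bot: in the new news/secadv/20180327.txt, the CVE-2018-0739 section closes with "There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe", which reads as if the issue were harmless overall, although the preceding sentences describe a Denial of Service from malicious PKCS7 input; suggest scoping it explicitly, e.g. "so SSL/TLS itself is not affected; applications that parse such structures from untrusted sources are." The same file also spells the reporter "OSS-fuzz project" in the CVE-2018-0739 section and "OSS-Fuzz project" in the CVE-2017-3738 section; pick one spelling (the vulnerabilities.xml entry in this commit uses `source="OSS-fuzz"`).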
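Review bot: in the first news/vulnerabilities.xml hunk, the CVE-2018-0739 entry's 1.0.2 `<affects>` list starts at `version="1.0.2b"` whereas the 1.1.0 list starts at the `1.1.0` base release; if 1.0.2 and 1.0.2a are deliberately excluded as unaffected, a short comment saying so would help, otherwise add them so the entry matches the advisory's unqualified "OpenSSL 1.0.2 users should upgrade to 1.0.2o". The `updated="20180327"` change is consistent with the file's own comment, since the second hunk does update an old entry.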
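Review bot: in the second news/vulnerabilities.xml hunk, moving the carry-propagating bug entry's 1.1.0 `<fixed>` from `version="1.1.0h-dev" date="20171207"` to `version="1.1.0h" date="20180327"` matches the advisory's statement that the 1.1.0 fix for CVE-2017-3738 ships in 1.1.0h; the `<git hash="e502cc86df9dafded1694fceb3228ee34d11c11a"/>` is left unchanged, which is correct only if that commit is the one contained in the 1.1.0h release, so confirm it is reachable from the release tag before publishing.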