The branch master has been updated via 0689c523b599d89f0ce5caedab4f7d66bee1efb6 (commit) from f0a6320b5394fb6be437d7ea800aa75bb9eabbbe (commit)
- Log ----------------------------------------------------------------- commit 0689c523b599d89f0ce5caedab4f7d66bee1efb6 Author: Matt Caswell <m...@openssl.org> Date: Tue Dec 8 13:45:19 2020 +0000 Commits for new releases Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + news/secadv/20201208.txt | 73 ++++++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 82 +++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20201208.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index c945172..6b39413 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and security fixes 26-Nov-2020: Alpha 9 of OpenSSL 3.0 is now available: please download and test it 05-Nov-2020: Alpha 8 of OpenSSL 3.0 is now available: please download and test it 21-Oct-2020: New Blog post: <a href="/blog/blog/2020/10/20/OpenSSL3.0Alpha7/">OpenSSL 3.0 Alpha7 Release</a> diff --git a/news/secadv/20201208.txt b/news/secadv/20201208.txt new file mode 100644 index 0000000..bda8317 --- /dev/null +++ b/news/secadv/20201208.txt 
@@ -0,0 +1,73 @@ +OpenSSL Security Advisory [08 December 2020] +============================================ + +EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) +====================================================== + +Severity: High + +The X.509 GeneralName type is a generic type for representing different types +of names. One of those name types is known as EDIPartyName. OpenSSL provides a +function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME +to see if they are equal or not. This function behaves incorrectly when both +GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash +may occur leading to a possible denial of service attack. + +OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: +1) Comparing CRL distribution point names between an available CRL and a CRL + distribution point embedded in an X509 certificate +2) When verifying that a timestamp response token signer matches the timestamp + authority name (exposed via the API functions TS_RESP_verify_response and + TS_RESP_verify_token) + +If an attacker can control both items being compared then that attacker could +trigger a crash. For example if the attacker can trick a client or server into +checking a malicious certificate against a malicious CRL then this may occur. +Note that some applications automatically download CRLs based on a URL embedded +in a certificate. This checking happens prior to the signatures on the +certificate and CRL being verified. OpenSSL's s_server, s_client and verify +tools have support for the "-crl_download" option which implements automatic +CRL downloading and this attack has been demonstrated to work against those +tools. + +Note that an unrelated bug means that affected versions of OpenSSL cannot parse +or construct correct encodings of EDIPARTYNAME. However it is possible to +construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence +trigger this attack. 
+ +All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL +releases are out of support and have not been checked. + +OpenSSL 1.1.1 users should upgrade to 1.1.1i. + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium +support customers of OpenSSL 1.0.2 should upgrade to 1.0.2x. Other users should +upgrade to OpenSSL 1.1.1i. + +This issue was reported to OpenSSL on 9th November 2020 by David Benjamin +(Google). Initial analysis was performed by David Benjamin with additional +analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. + +Note +==== + +OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended +support is available for premium support customers: +https://www.openssl.org/support/contracts.html + +OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. +The impact of this issue on OpenSSL 1.1.0 has not been analysed. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20201208.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 9b7dcb6..93543ac 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -7,7 +7,87 @@ <!-- The updated attribute should be the same as the first public issue, unless an old entry was updated. --> -<security updated="20200909"> +<security updated="20201208"> + <issue public="20201208"> + <impact severity="High"/> + <cve name="2020-1971"/> + <affects base="1.1.1" version="1.1.1"/> + <affects base="1.1.1" version="1.1.1a"/> + <affects base="1.1.1" version="1.1.1b"/> + <affects base="1.1.1" version="1.1.1c"/> + <affects base="1.1.1" version="1.1.1d"/> + <affects base="1.1.1" version="1.1.1e"/> + <affects base="1.1.1" version="1.1.1f"/> + <affects base="1.1.1" version="1.1.1g"/> + <affects base="1.1.1" version="1.1.1h"/> + <affects base="1.0.2" version="1.0.2"/> + <affects base="1.0.2" version="1.0.2a"/> + <affects base="1.0.2" version="1.0.2b"/> + <affects base="1.0.2" version="1.0.2c"/> + <affects base="1.0.2" version="1.0.2d"/> + <affects base="1.0.2" version="1.0.2e"/> + <affects base="1.0.2" version="1.0.2f"/> + <affects base="1.0.2" version="1.0.2g"/> + <affects base="1.0.2" version="1.0.2h"/> + <affects base="1.0.2" version="1.0.2i"/> + <affects base="1.0.2" version="1.0.2j"/> + <affects base="1.0.2" version="1.0.2k"/> + <affects base="1.0.2" version="1.0.2l"/> + <affects base="1.0.2" version="1.0.2m"/> + <affects base="1.0.2" version="1.0.2n"/> + <affects base="1.0.2" version="1.0.2o"/> + <affects base="1.0.2" version="1.0.2p"/> + <affects base="1.0.2" version="1.0.2q"/> + <affects base="1.0.2" version="1.0.2r"/> + <affects base="1.0.2" version="1.0.2s"/> + <affects base="1.0.2" version="1.0.2t"/> + <affects base="1.0.2" version="1.0.2u"/> + <affects base="1.0.2" version="1.0.2v"/> + <affects base="1.0.2" version="1.0.2w"/> + <fixed base="1.1.1" version="1.1.1i" date="20201208"> + <git hash="f960d81215ebf3f65e03d4d5d857fb9b666d6920"/> + </fixed> + <fixed base="1.0.2" version="1.0.2x" date="20201208"> + <git hash="2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"/> + </fixed> + <problemtype>NULL pointer dereference</problemtype> + 
<title>EDIPARTYNAME NULL pointer dereference</title> + <description> +The X.509 GeneralName type is a generic type for representing different types +of names. One of those name types is known as EDIPartyName. OpenSSL provides a +function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME +to see if they are equal or not. This function behaves incorrectly when both +GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash +may occur leading to a possible denial of service attack. + +OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: +1) Comparing CRL distribution point names between an available CRL and a CRL + distribution point embedded in an X509 certificate +2) When verifying that a timestamp response token signer matches the timestamp + authority name (exposed via the API functions TS_RESP_verify_response and + TS_RESP_verify_token) + +If an attacker can control both items being compared then that attacker could +trigger a crash. For example if the attacker can trick a client or server into +checking a malicious certificate against a malicious CRL then this may occur. +Note that some applications automatically download CRLs based on a URL embedded +in a certificate. This checking happens prior to the signatures on the +certificate and CRL being verified. OpenSSL's s_server, s_client and verify +tools have support for the "-crl_download" option which implements automatic +CRL downloading and this attack has been demonstrated to work against those +tools. + +Note that an unrelated bug means that affected versions of OpenSSL cannot parse +or construct correct encodings of EDIPARTYNAME. However it is possible to +construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence +trigger this attack. + +All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL +releases are out of support and have not been checked. 
+ </description> + <advisory url="/news/secadv/20201208.txt"/> + <reported source="David Benjamin (Google)"/> + </issue> <issue public="20200909"> <impact severity="Low"/> <cve name="2020-1968"/>
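Review bot: the new 08-Dec-2020 entry in news/newsflash.txt carries no link, whereas the 21-Oct-2020 entry visible in the same hunk links its blog post with an <a href> and the file header states that URL paths must all be absolute; consider linking the item to the advisory this same commit adds, e.g. `08-Dec-2020: OpenSSL 1.1.1i is now available, including bug and <a href="/news/secadv/20201208.txt">security fixes</a>`, so readers reach the CVE-2020-1971 details from the front page rather than having to find the advisory separately.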
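Review bot: in news/secadv/20201208.txt the Note section ends with "Users of these versions should upgrade to OpenSSL 1.1.1." while the body states the fixed release is 1.1.1i; saying 1.1.1i there as well avoids a reader on an unpatched 1.1.1 build concluding they are already on a fixed version. Two smaller points on the same file: the advisory names the CRL path (applications that fetch CRLs from a URL embedded in the certificate, and s_server, s_client and verify with "-crl_download") as the demonstrated trigger and notes that the comparison happens before the certificate and CRL signatures are verified, but gives no interim advice for deployments that cannot upgrade immediately, so a line recommending that automatic CRL downloading be disabled until the upgrade is applied would be useful; and the fix commits that news/vulnerabilities.xml records in this same push (f960d81215ebf3f65e03d4d5d857fb9b666d6920 for 1.1.1i, 2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e for 1.0.2x) are not cited in the advisory, which distributors who backport the fix rather than rebase normally want.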
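Review bot: the new <issue> in news/vulnerabilities.xml lists <affects> entries only for the 1.1.1 and 1.0.2 bases, so anything generated from this file will present 1.1.0 as unaffected, while the advisory added in the same push states that the impact on 1.1.0 has not been analysed; an XML comment inside the issue recording that (the file already uses a comment to document the updated attribute) would keep the two sources from disagreeing. The enumeration itself is consistent with the <fixed> elements: 1.1.1 through 1.1.1h then fixed in 1.1.1i, and 1.0.2 through 1.0.2w then fixed in 1.0.2x, and updated="20201208" matches the new issue's public date as the header comment requires. The <description> duplicates the advisory paragraphs verbatim, including the "-crl_download" sentence about OpenSSL's own tools; that is fine for a record, but any later wording correction has to be made in both files.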