The redhat podcast with Mark (Cox) probably answers this best; http://bit.ly/Th64oP
On Thu, Jun 5, 2014 at 12:04 PM, Juha Saarinen <j...@saarinen.org> wrote: > Hi Steve, > > That’s quite a few in one go - is this due to greater testing of OpenSSL > and more scrutiny of the code by the community? > > Of the flaws listed, which is the one of most concern? > > This kind of begs the question what to do with all those embedded systems > that run older versions of OpenSSL. > > Thanks > > — > Juha > > > > On 5/06/2014, at 11:54 pm, OpenSSL <open...@openssl.org> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > OpenSSL Security Advisory [05 Jun 2014] > > ======================================== > > > > Resend: first version contained characters which could cause signature > failure. > > > > SSL/TLS MITM vulnerability (CVE-2014-0224) > > =========================================== > > > > An attacker using a carefully crafted handshake can force the use of weak > > keying material in OpenSSL SSL/TLS clients and servers. This can be > exploited > > by a Man-in-the-middle (MITM) attack where the attacker can decrypt and > > modify traffic from the attacked client and server. > > > > The attack can only be performed between a vulnerable client *and* > > server. OpenSSL clients are vulnerable in all versions of OpenSSL. > Servers > > are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users > > of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a > precaution. > > > > OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to > 0.9.8za. > > OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to > 1.0.0m. > > OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to > 1.0.1h. > > > > Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and > > researching this issue. This issue was reported to OpenSSL on 1st May > > 2014 via JPCERT/CC. > > > > The fix was developed by Stephen Henson of the OpenSSL core team partly > based > > on an original patch from KIKUCHI Masashi. > > > > DTLS recursion flaw (CVE-2014-0221) > > ==================================== > > > > By sending an invalid DTLS handshake to an OpenSSL DTLS client the code > > can be made to recurse eventually crashing in a DoS attack. > > > > Only applications using OpenSSL as a DTLS client are affected. > > > > OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za > > OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. > > OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. > > > > Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This > > issue was reported to OpenSSL on 9th May 2014. > > > > The fix was developed by Stephen Henson of the OpenSSL core team. > > > > DTLS invalid fragment vulnerability (CVE-2014-0195) > > ==================================================== > > > > A buffer overrun attack can be triggered by sending invalid DTLS > fragments > > to an OpenSSL DTLS client or server. This is potentially exploitable to > > run arbitrary code on a vulnerable client or server. > > > > Only applications using OpenSSL as a DTLS client or server affected. > > > > OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za > > OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. > > OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. > > > > Thanks to Juri Aedla for reporting this issue. This issue was > > reported to OpenSSL on 23rd April 2014 via HP ZDI. > > > > The fix was developed by Stephen Henson of the OpenSSL core team. > > > > SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198) > > ================================================================= > > > > A flaw in the do_ssl3_write function can allow remote attackers to > > cause a denial of service via a NULL pointer dereference. This flaw > > only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is > > enabled, which is not the default and not common. > > > > OpenSSL 1.0.0 users should upgrade to 1.0.0m. > > OpenSSL 1.0.1 users should upgrade to 1.0.1h. > > > > This issue was reported in public. The fix was developed by > > Matt Caswell of the OpenSSL development team. > > > > SSL_MODE_RELEASE_BUFFERS session injection or denial of service > (CVE-2010-5298) > > > =============================================================================== > > > > A race condition in the ssl3_read_bytes function can allow remote > > attackers to inject data across sessions or cause a denial of service. > > This flaw only affects multithreaded applications using OpenSSL 1.0.0 > > and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the > > default and not common. > > > > OpenSSL 1.0.0 users should upgrade to 1.0.0m. > > OpenSSL 1.0.1 users should upgrade to 1.0.1h. > > > > This issue was reported in public. > > > > Anonymous ECDH denial of service (CVE-2014-3470) > > ================================================ > > > > OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a > > denial of service attack. > > > > OpenSSL 0.9.8 users should upgrade to 0.9.8za > > OpenSSL 1.0.0 users should upgrade to 1.0.0m. > > OpenSSL 1.0.1 users should upgrade to 1.0.1h. > > > > Thanks to Felix Grobert and Ivan Fratric at Google for discovering this > > issue. This issue was reported to OpenSSL on 28th May 2014. > > > > The fix was developed by Stephen Henson of the OpenSSL core team. > > > > Other issues > > ============ > > > > OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for > > CVE-2014-0076: Fix for the attack described in the paper "Recovering > > OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" > > Reported by Yuval Yarom and Naomi Benger. This issue was previously > > fixed in OpenSSL 1.0.1g. > > > > > > References > > ========== > > > > URL for this Security Advisory: > > http://www.openssl.org/news/secadv_20140605.txt > > > > Note: the online version of the advisory may be updated with additional > > details over time. > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.11 (GNU/Linux) > > > > iQIcBAEBCAAGBQJTkFm3AAoJENNXdQf6QOnihZAQAIFx8gw6s6HabFQ1b+GIpvdi > > aJ1BBE4RPVLvxVtApON0eOESjcuetkiz6aU2JUVeObWn9fiPjuRnNueuFe5CiK0P > > zVzv1AFyfae0m5IMzGSPgmffusbTo8cfjt6N6e77p6zWFncmlTW1wkr3th3RdjBk > > OyEZgrSq1lO22csiQVD/CG+sOFWJUxM1dDDzluVU+XCnNEFdfAKc/i6b26BLUjag > > zIDbptPgDu/5alRGqO/1A1EC0ODLYtu0xJWe7JUMPSPa/M8y2U9AKAMGPvlxJzs1 > > g2rNk14NT1YzN7KJBHJVMA70wMSmsU0jq3IYcXMUrhOkuBTAIKYb/KaivYS15Wrm > > LJWJJzC1uIuaJOnUhN9g0Q5WwVkQTwf0oY/n+qdhyup/9duJvuWpgSK4cW8c7xGe > > t7bYaOMlTjPKrUmulXDi0GBdcGd/UwctCWdaDeHORVlz7WM+aQHQfQMAaNmpzJzV > > /CA5h5t4OlrjLLJW/Im5axk7Li8HU8aypkhLLCZUNjkLmoYnl1buo4LmmikQ77A2 > > JyoSlioYWC+lry22VQien/JR4ute7DO+s9N0jcWMTjR/isTwwnehimpf8Pyc/MoQ > > kvKh+vXIVBX+u0jufSB4E2fDCgcr95bjjlQwnMTLhcDn1y1X39qU2LjXDdJIwwVw > > oAC+cB8GKalIUtUfXf4x > > =3foe > > -----END PGP SIGNATURE----- > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > Announcement Mailing List openssl-annou...@openssl.org > > Automated List Manager majord...@openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > >