Hi Steve,

That’s quite a few in one go - is this due to greater testing of OpenSSL and more scrutiny of the code by the community?
Of the flaws listed, which is the one of most concern? This kind of begs the question what to do with all those embedded systems that run older versions of OpenSSL.

Thanks
— Juha

On 5/06/2014, at 11:54 pm, OpenSSL <open...@openssl.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> OpenSSL Security Advisory [05 Jun 2014]
> ========================================
>
> Resend: first version contained characters which could cause signature
> failure.
>
> SSL/TLS MITM vulnerability (CVE-2014-0224)
> ===========================================
>
> An attacker using a carefully crafted handshake can force the use of weak
> keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
> by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
> modify traffic from the attacked client and server.
>
> The attack can only be performed between a vulnerable client *and*
> server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
> are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
> of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
>
> OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
> OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
> OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
>
> Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
> researching this issue. This issue was reported to OpenSSL on 1st May
> 2014 via JPCERT/CC.
>
> The fix was developed by Stephen Henson of the OpenSSL core team partly based
> on an original patch from KIKUCHI Masashi.
>
> DTLS recursion flaw (CVE-2014-0221)
> ====================================
>
> By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
> can be made to recurse eventually crashing in a DoS attack.
>
> Only applications using OpenSSL as a DTLS client are affected.
>
> OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
> OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
> OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
>
> Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This
> issue was reported to OpenSSL on 9th May 2014.
>
> The fix was developed by Stephen Henson of the OpenSSL core team.
>
> DTLS invalid fragment vulnerability (CVE-2014-0195)
> ====================================================
>
> A buffer overrun attack can be triggered by sending invalid DTLS fragments
> to an OpenSSL DTLS client or server. This is potentially exploitable to
> run arbitrary code on a vulnerable client or server.
>
> Only applications using OpenSSL as a DTLS client or server are affected.
>
> OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
> OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
> OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
>
> Thanks to Juri Aedla for reporting this issue. This issue was
> reported to OpenSSL on 23rd April 2014 via HP ZDI.
>
> The fix was developed by Stephen Henson of the OpenSSL core team.
>
> SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
> =================================================================
>
> A flaw in the do_ssl3_write function can allow remote attackers to
> cause a denial of service via a NULL pointer dereference. This flaw
> only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
> enabled, which is not the default and not common.
>
> OpenSSL 1.0.0 users should upgrade to 1.0.0m.
> OpenSSL 1.0.1 users should upgrade to 1.0.1h.
>
> This issue was reported in public. The fix was developed by
> Matt Caswell of the OpenSSL development team.
>
> SSL_MODE_RELEASE_BUFFERS session injection or denial of service
> (CVE-2010-5298)
> ===============================================================================
>
> A race condition in the ssl3_read_bytes function can allow remote
> attackers to inject data across sessions or cause a denial of service.
> This flaw only affects multithreaded applications using OpenSSL 1.0.0
> and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
> default and not common.
>
> OpenSSL 1.0.0 users should upgrade to 1.0.0m.
> OpenSSL 1.0.1 users should upgrade to 1.0.1h.
>
> This issue was reported in public.
>
> Anonymous ECDH denial of service (CVE-2014-3470)
> ================================================
>
> OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
> denial of service attack.
>
> OpenSSL 0.9.8 users should upgrade to 0.9.8za
> OpenSSL 1.0.0 users should upgrade to 1.0.0m.
> OpenSSL 1.0.1 users should upgrade to 1.0.1h.
>
> Thanks to Felix Grobert and Ivan Fratric at Google for discovering this
> issue. This issue was reported to OpenSSL on 28th May 2014.
>
> The fix was developed by Stephen Henson of the OpenSSL core team.
>
> Other issues
> ============
>
> OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
> CVE-2014-0076: Fix for the attack described in the paper "Recovering
> OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
> Reported by Yuval Yarom and Naomi Benger. This issue was previously
> fixed in OpenSSL 1.0.1g.
>
>
> References
> ==========
>
> URL for this Security Advisory:
> http://www.openssl.org/news/secadv_20140605.txt
>
> Note: the online version of the advisory may be updated with additional
> details over time.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Announcement Mailing List openssl-annou...@openssl.org
> Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
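
The upgrade targets in the quoted advisory, applied to an inventory of `openssl version` banners of the kind one might collect from the embedded systems raised in the reply. This is an added example, not part of the original message or of the OpenSSL project's code; the host names and banners in `SAMPLE` are constructed.

```python
import re

# Fixed release per branch, as stated in the advisory of 05 Jun 2014.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" -> ("1.0.1", "e")
BANNER = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def patch_rank(letters):
    """Order patch letters: '' < a < ... < z < za < zb (0.9.8 ran past 'z')."""
    if not letters:
        return 0
    return 26 * (len(letters) - 1) + ord(letters[-1]) - ord("a") + 1


def classify(banner):
    """Return 'fixed', 'upgrade', 'not-listed' or 'unparsed' for one banner."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"
    branch, letters = m.groups()
    if branch not in FIXED:
        # e.g. 1.0.2-beta1: named as vulnerable, but no fixed release is listed
        return "not-listed"
    # A pre-release such as "1.0.1-beta1" has no letters and ranks below any fix.
    # Caveat: vendor packages may backport fixes without changing the banner,
    # so "upgrade" here means "verify against the vendor's changelog".
    return "fixed" if patch_rank(letters) >= patch_rank(FIXED[branch]) else "upgrade"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "router-a": "OpenSSL 0.9.8y 5 Feb 2013",
    "router-b": "OpenSSL 0.9.8za 5 Jun 2014",
    "camera-1": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "gateway": "OpenSSL 1.0.1h 5 Jun 2014",
    "lab-box": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "nas": "dropbear 2013.58",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```
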