Thanks.

-----Original Message-----
From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of Matt Caswell
Sent: Wednesday, February 27, 2019 11:18 AM
To: openssl-users@openssl.org
Subject: Re: OpenSSL Security Advisory

On 27/02/2019 18:43, Scott Neugroschl wrote:
> Is this a client-side or server-side vulnerability? Or does it matter?

It can apply to either side.

Matt

>
> Thanks,
>
> ScottN
>
> ---
> Scott Neugroschl | XYPRO Technology Corporation
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
> 583-2874|Fax 805 583-0124 |
>
>
> -----Original Message-----
> From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of OpenSSL
> Sent: Tuesday, February 26, 2019 6:59 AM
> To: openssl-proj...@openssl.org; OpenSSL User Support ML
> <openssl-users@openssl.org>; OpenSSL Announce ML
> <openssl-annou...@openssl.org>
> Subject: OpenSSL Security Advisory
>
> OpenSSL Security Advisory [26 February 2019]
> ============================================
>
> 0-byte record padding oracle (CVE-2019-1559)
> ============================================
>
> Severity: Moderate
>
> If an application encounters a fatal protocol error and then calls
> SSL_shutdown() twice (once to send a close_notify, and once to receive one)
> then OpenSSL can respond differently to the calling application if a 0 byte
> record is received with invalid padding compared to if a 0 byte record is
> received with an invalid MAC. If the application then behaves differently
> based on that in a way that is detectable to the remote peer, then this
> amounts to a padding oracle that could be used to decrypt data.
>
> In order for this to be exploitable "non-stitched" ciphersuites must be in
> use.
> Stitched ciphersuites are optimised implementations of certain commonly used
> ciphersuites. Also the application must call SSL_shutdown() twice even if a
> protocol error has occurred (applications should not do this but some do
> anyway).
>
> This issue does not impact OpenSSL 1.1.1 or 1.1.0.
>
> OpenSSL 1.0.2 users should upgrade to 1.0.2r.
>
> This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
> Aviram, with additional investigation by Steven Collison and Andrew Hourselt.
> It was reported to OpenSSL on 10th December 2018.
>
> Note
> ====
>
> OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates.
> Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end
> on 11th September 2019. Users of these versions should upgrade to OpenSSL
> 1.1.1.
>
> References
> ==========
>
> URL for this Security Advisory:
> https://www.openssl.org/news/secadv/20190226.txt
>
> Note: the online version of the advisory may be updated with additional
> details over time.
>
> For details of OpenSSL severity classifications please see:
> https://www.openssl.org/policies/secpolicy.html
>
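
Added example, not part of the thread or of the OpenSSL advisory: a small triage helper that sorts `openssl version` banners by what the advisory says about each release line (1.0.2 before 1.0.2r should upgrade; 1.1.0 and 1.1.1 are not impacted). The function names, result labels and the host inventory are assumptions constructed for illustration.

```python
import re

# Matches the version part of an `openssl version` banner, e.g. "OpenSSL 1.0.2q".
# Real banners also carry a build date, which is ignored here.
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

FIXED_102 = "r"  # advisory: "OpenSSL 1.0.2 users should upgrade to 1.0.2r"


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(suffix), suffix)


def classify(banner):
    """Return 'upgrade', 'fixed', 'not-impacted' or 'not-covered' for one banner."""
    m = BANNER.search(banner)
    if not m:
        return "not-covered"      # not an OpenSSL banner
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    suffix = m.group(4)           # "k" for "1.0.2k-fips"; the "-fips" tag is ignored
    if release == (1, 0, 2):
        if letter_rank(suffix) < letter_rank(FIXED_102):
            return "upgrade"
        return "fixed"
    if release in ((1, 1, 0), (1, 1, 1)):
        return "not-impacted"
    return "not-covered"          # the advisory makes no statement about this line


def needs_upgrade(inventory):
    """Hosts whose banner is a 1.0.2 release older than 1.0.2r, sorted by name."""
    return sorted(h for h, b in inventory.items() if classify(b) == "upgrade")


# Constructed inventory (hypothetical host names and banners).
SAMPLE = {
    "web-01": "OpenSSL 1.0.2q",
    "web-02": "OpenSSL 1.0.2r",
    "db-01": "OpenSSL 1.0.2k-fips",
    "app-01": "OpenSSL 1.1.1a",
    "old-01": "OpenSSL 1.0.1t",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE.items()):
        print(host, banner, classify(banner))
```

The result reflects the version string only: vendor builds may backport the fix without changing the letter, and the advisory's other preconditions (non-stitched ciphersuites, an application that calls SSL_shutdown() twice after a fatal error) still decide whether a flagged host is actually exposed.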