latest OpenSSL advisory
Could be worse, could be better https://www.openssl.org/news/secadv_20150319.txt ---Mike -- --- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
FreeBSD Security Advisory FreeBSD-SA-15:06.openssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-15:06.opensslSecurity Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-03-19 Affects:All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique. II. Problem Description A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209] An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286] Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287] The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288] The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289] A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293] III. Impact A malformed elliptic curve private key file can cause server daemons using OpenSSL to crash, resulting in a Denial of Service. [CVE-2015-0209] A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0286] An attacker who can cause invalid writes with applications that parse structures containing CHOICE or ANY DEFINED BY components and reusing the structures may be able to cause them to crash. Such reuse is believed to be rare. OpenSSL clients and servers are not affected. [CVE-2015-0287] An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate. This usage is rare in practice. [CVE-2015-0288] An attacker may be able to crash applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures with specifically crafted certificates. [CVE-2015-0289] A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a carefully crafted SSLv2 CLIENT-MASTER-KEY message, resulting in a Denial of Service. [CVE-2015-0293] Note that two issues in the original OpenSSL advisory, CVE-2015-0204 and CVE-2015-0292, were already addressed by FreeBSD-SA-15:01.openssl and FreeBSD-EN-15:02.openssl. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8.4 and FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc # g
Re: FreeBSD Security Advisory FreeBSD-SA-15:06.openssl
Wow, thanks for the quick fix/commit Xin!! ---Mike On 3/19/2015 1:55 PM, FreeBSD Security Advisories wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-15:06.opensslSecurity Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-03-19 Affects:All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique. II. Problem Description A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. [CVE-2015-0209] An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. [CVE-2015-0286] Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. [CVE-2015-0287] The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. [CVE-2015-0288] The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. [CVE-2015-0289] A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message. [CVE-2015-0293] III. Impact A malformed elliptic curve private key file can cause server daemons using OpenSSL to crash, resulting in a Denial of Service. [CVE-2015-0209] A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0286] An attacker who can cause invalid writes with applications that parse structures containing CHOICE or ANY DEFINED BY components and reusing the structures may be able to cause them to crash. Such reuse is believed to be rare. OpenSSL clients and servers are not affected. [CVE-2015-0287] An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate. This usage is rare in practice. [CVE-2015-0288] An attacker may be able to crash applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures with specifically crafted certificates. [CVE-2015-0289] A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a carefully crafted SSLv2 CLIENT-MASTER-KEY message, resulting in a Denial of Service. [CVE-2015-0293] Note that two issues in the original OpenSSL advisory, CVE-2015-0204 and CVE-2015-0292, were already addressed by FreeBSD-SA-15:01.openssl and FreeBSD-EN-15:02.openssl. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 8.4 and FreeBSD 9.3] # fetch https://security.F
Re: Security Advisory FreeBSD-SA-15:06.openssl
> No workaround is available. Isn't using OpenSSL from ports a workaround? ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
Re: Security Advisory FreeBSD-SA-15:06.openssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/19/15 15:18, l...@lena.kiev.ua wrote: >> No workaround is available. > > Isn't using OpenSSL from ports a workaround? Not really as that does not solve problem for applications shipped with base system. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -BEGIN PGP SIGNATURE- Version: GnuPG v2.1.2 (FreeBSD) iQIcBAEBCgAGBQJVC0uFAAoJEJW2GBstM+ns8NoP/Rtp/QlT2+asjUTFHmU7qvWB eI1aL/DMlbJz8C7G3piHDmKW5TRW6WV2PkwDJWghoYEtgF0oMasHhfcHrRnk4vid eWqHK/E60MVOaoVA7Ika04dwic+hNyQe0BkQANqo7tPyHfmHsZ2Kl8lutymXyaRF Vq3NIH6E2J+STYQip2wK/S8T4qm+cmUiBIIQfRR48/3NSTWSUXsGr+BSgLF4CW4j HrFStar4u2RciB/bgQPwy9adzKv2ETKQ1u4mgDwmVmZeFPlajIHAOO9fOuQh+/Vc uTlyHYPm9RDNrO8JKHZFxwQVjInkq9keeeX8WU56Z0kbsoNaq5wObBnJGEYxiZnW PCGdL0VMMgMCJ1UO6ORG36KyhUAZge9VD7gAvOBqEqdwyJlebsfxMZJLmtQvplwi FyQd24vIuR3P2E17Ba7QRuerqj2GsEtvaAa+d4D27laX7dKUDfRQWSXkEOo0d0o2 QSCZSAU3FO+yn28hem0IcQfCBWXZmoDUnlEQrvfGHpMlpuv0tA0r8eb16kNV7sN6 R0KvDeAFBoKKPej3kXvLtV9c48S5ohq6v7nT9w//CdWXErBWfZjqYpDzpJA8Dz7h ouQr92QTL7Yul80pAYwKhtScP54SjqGlYwZdlXgEjoBeLCcxjhvOjQoC8wuqjo0x 8DK6UoHDwk1oLrG2k6KJ =aqdY -END PGP SIGNATURE- ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
bad patch for openssl
I notice the posted patch includes a change to tasn_dec.c that doesn't work.
- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
- return *pval;
+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+ ptmpval = *pval;
+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
This will, among other things, prevent nginx 1.6 from loading keys.
The diff was included in the preannouncement material, but is not part of the
any of the final openssl releases.
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
HEADSUP -- issues with SA-15:06.openssl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Please be advised that we have noticed some issues with
SA-15:06.openssl and are actively working on validating the fix. A
copy of draft errata patches is attached.
My apologies for this mess. Revised advisories would be announced
once we have made sure that everything is correct.
Cheers,
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.1.2 (FreeBSD)
iQIcBAEBCgAGBQJVC3a5AAoJEJW2GBstM+ns+s4P/A+M1xdhycNvo0qsSTfLcah1
uAvZnWLo7gobBM8CxlrgtrXkRsYwGp7Q6bzW63PA+8qE4FIht7/fgMpXNHufK8bz
1b/h0KrnPs7rEBe3K13RJEI5ufVb/Xj1mOVY59GCJ76QuekN9nEGbYRE2Fbg8yhE
iOWLpNWKsQBPdDhMfqmayUZmuZf8pPhgIEwzEsSefnZhe1XrN5kX8s4T00aWieSz
MbEkLRfOlVn+qeXlZOp6R96vEoNYaGeTnX7AN16wKg+0Sipk9AJBDFUODjPQgzIr
4BbL8TpW3DvC0cOOpJnYb4KVy7o+54QMFoDr0Gt0R/HZQj3lzdtOBbTFfNs82KDl
wWPZB3G4CY5l2d1CYQjUQtXmuRnro3JrslBbx00RcLAs9deDtIoJVqHQv0wiLSlZ
jv1lWZbyUhVw/9cY4A8c1QRs01YWGGPZV4cuO0RN56zs6ipIK/0XkzYrY+b2yWku
U5slMwqhuREZ1ypLcfUwQHgnyX094wTXkuJQ2l+4dMiO8wV6gW5x3C2lOe/0OHYP
L0Atb84aYvMG9RlFCTF6CB2226tRjqxuFhI+x2d0choVJpMt5SJ2cfBi5E3e9Ooy
roPVTlOwB1tsYVi3fjYjwJZ5TiPDq3ekcByTmIrasrsFB5+9tBDBnRC5nERNITM4
o69NYExg60dSJ8p5RTeE
=wG30
-END PGP SIGNATURE-
Index: crypto/openssl/crypto/asn1/tasn_dec.c
===
--- crypto/openssl/crypto/asn1/tasn_dec.c (revision 280272)
+++ crypto/openssl/crypto/asn1/tasn_dec.c (working copy)
@@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag)
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+ {
ASN1_TLC c;
ASN1_VALUE *ptmpval = NULL;
+ if (!pval)
+ pval = &ptmpval;
asn1_tlc_clear_nc(&c);
- if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
- ptmpval = *pval;
- if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
- if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
- if (*pval)
- ASN1_item_free(*pval, it);
- *pval = ptmpval;
- }
- return ptmpval;
+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ return *pval;
+ return NULL;
}
- return NULL;
-}
int ASN1_template_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
Index: crypto/openssl/crypto/ec/ec_asn1.c
===
--- crypto/openssl/crypto/ec/ec_asn1.c (revision 280272)
+++ crypto/openssl/crypto/ec/ec_asn1.c (working copy)
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (a)
- *a = ret;
}
else
ret = *a;
@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
ret->enc_flag |= EC_PKEY_NO_PUBKEY;
}
+ if (a)
+ *a = ret;
ok = 1;
err:
if (!ok)
{
- if (ret)
+ if (ret && (a == NULL || *a != ret))
EC_KEY_free(ret);
ret = NULL;
}
Index: crypto/openssl/crypto/x509/x509_req.c
===
--- crypto/openssl/crypto/x509/x509_req.c (revision 280272)
+++ crypto/openssl/crypto/x509/x509_req.c (working copy)
@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey
goto err;
pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
i=X509_REQ_set_pubkey(ret,pktmp);
EVP_PKEY_free(pktmp);
if (!i) goto err;
Index: crypto/openssl/crypto/asn1/tasn_dec.c
===
--- crypto/openssl/crypto/asn1/tasn_dec.c (revision 280272)
+++ crypto/openssl/crypto/asn1/tasn_dec.c (working copy)
@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag)
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+ {
ASN1_TLC c;
ASN1_VALUE *ptmpval = NULL;
+ if (!pval)
+ pval = &ptmpval;
c.valid = 0;
- if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
- ptmpval = *pval;
-
- if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
- if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
- if (*pval)
- ASN1_item_free(*pval, it);
- *pval = ptmpval;
- }
- return ptmpval;
+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ return *pval;
+
