diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-10:10.openssl.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-10:10.openssl.asc | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-10:10.openssl.asc b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc new file mode 100644 index 0000000000..f4ddb04168 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:10.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL multiple vulnerabilities + +Category: contrib +Module: openssl +Announced: 2010-11-29 +Credits: Georgi Guninski, Rob Hulswit +Affects: FreeBSD 7.0 and later +Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE) + 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2) + 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6) + 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE) + 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4) + 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16) +CVE Name: CVE-2010-2939, CVE-2010-3864 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +A race condition exists in the OpenSSL TLS server extension code +parsing when used in a multi-threaded application, which uses +OpenSSL's internal caching mechanism. The race condition can lead to +a buffer overflow. [CVE-2010-3864] + +A double free exists in the SSL client ECDH handling code, when +processing specially crafted public keys with invalid prime +numbers. [CVE-2010-2939] + +III. Impact + +For affected server applications, an attacker may be able to utilize +the buffer overflow to crash the application or potentially run +arbitrary code with the privileges of the application. [CVE-2010-3864]. + +It may be possible to cause a DoS or potentially execute arbitrary in +the context of the user connection to a malicious SSL server. +[CVE-2010-2939] + +IV. Workaround + +No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0 +and later. + +It should also be noted that CVE-2010-3864 affects neither the Apache +HTTP server nor Stunnel. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch +dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.1, 7.3, +8.0 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc + +[FreeBSD 8.x] +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssl +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in +<URL:http://www.FreeBSD.org/handbook/makeworld.html> + +3) To update your vulnerable system via a binary patch: + +Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE +on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7_3 + src/UPDATING 1.507.2.34.2.6 + src/sys/conf/newvers.sh 1.72.2.16.2.8 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.19 + src/sys/conf/newvers.sh 1.72.2.9.2.20 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.5 + src/sys/conf/newvers.sh 1.83.2.10.2.6 + src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1 + src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.9 + src/sys/conf/newvers.sh 1.83.2.6.2.9 + src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1 + src/crypto/openssl/ssl/t1_lib.c 1.2.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r215997 +releng/7.3/ r216063 +releng/7.1/ r216063 +stable/8/ r215912 +releng/8.0/ r216063 +releng/8.1/ r216063 +- ------------------------------------------------------------------------- + +VII. References + +https://bugzilla.redhat.com/show_bug.cgi?id=649304 +http://www.openssl.org/news/secadv_20101116.txt +http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 + +iEYEARECAAYFAkz0FdsACgkQFdaIBMps37JjAgCcC7NSDXR7P4d2y4XFF/Ce9sG1 +Bs8An36Pjplsfovx6Im/NCnVgHtVgj5x +=xU/h +-----END PGP SIGNATURE----- |