aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-14:23.openssl.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-14:23.openssl.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-14:23.openssl.asc193
1 files changed, 0 insertions, 193 deletions
diff --git a/share/security/advisories/FreeBSD-SA-14:23.openssl.asc b/share/security/advisories/FreeBSD-SA-14:23.openssl.asc
deleted file mode 100644
index 485b175515..0000000000
--- a/share/security/advisories/FreeBSD-SA-14:23.openssl.asc
+++ /dev/null
@@ -1,193 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-=============================================================================
-FreeBSD-SA-14:23.openssl Security Advisory
- The FreeBSD Project
-
-Topic: OpenSSL multiple vulnerabilities
-
-Category: contrib
-Module: openssl
-Announced: 2014-10-21
-Affects: All supported versions of FreeBSD.
-Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)
- 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)
- 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)
- 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)
- 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)
- 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
- 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)
- 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
- 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
- 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
- 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)
- 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
-CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
-
-For general information regarding FreeBSD Security Advisories,
-including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:http://security.FreeBSD.org/>.
-
-I. Background
-
-FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
-a collaborative effort to develop a robust, commercial-grade, full-featured
-Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
-and Transport Layer Security (TLS v1) protocols as well as a full-strength
-general purpose cryptography library.
-
-II. Problem Description
-
-A flaw in the DTLS SRTP extension parsing code allows an attacker, who
-sends a carefully crafted handshake message, to cause OpenSSL to fail
-to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
-
-When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
-integrity of that ticket is first verified. In the event of a session
-ticket integrity check failing, OpenSSL will fail to free memory
-causing a memory leak. [CVE-2014-3567].
-
-The SSL protocol 3.0, as supported in OpenSSL and other products, supports
-CBC mode encryption where it could not adequately check the integrity of
-padding, because of the use of non-deterministic CBC padding. This
-protocol weakness makes it possible for an attacker to obtain clear text
-data through a padding-oracle attack.
-
-Some client applications (such as browsers) will reconnect using a
-downgraded protocol to work around interoperability bugs in older
-servers. This could be exploited by an active man-in-the-middle to
-downgrade connections to SSL 3.0 even if both sides of the connection
-support higher protocols. SSL 3.0 contains a number of weaknesses
-including POODLE [CVE-2014-3566].
-
-OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
-to block the ability for a MITM attacker to force a protocol downgrade.
-
-When OpenSSL is configured with "no-ssl3" as a build option, servers
-could accept and complete a SSL 3.0 handshake, and clients could be
-configured to send them. [CVE-2014-3568].
-
-III. Impact
-
-A remote attacker can cause Denial of Service with OpenSSL 1.0.1
-server implementations for both SSL/TLS and DTLS regardless of
-whether SRTP is used or configured. [CVE-2014-3513]
-
-By sending a large number of invalid session tickets an attacker
-could exploit this issue in a Denial Of Service attack.
-[CVE-2014-3567].
-
-An active man-in-the-middle attacker can force a protocol downgrade
-to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data
-from the connection. [CVE-2014-3566] [CVE-2014-3568]
-
-IV. Workaround
-
-No workaround is available.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your vulnerable system to a supported FreeBSD stable or
-release / security branch (releng) dated after the correction date.
-
-2) To update your vulnerable system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-3) To update your vulnerable system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-[FreeBSD 10.0]
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
-# gpg --verify openssl-10.0.patch.asc
-
-[FreeBSD 9.3]
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
-# gpg --verify openssl-9.3.patch.asc
-
-[FreeBSD 8.4, 9.1 and 9.2]
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
-# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
-# gpg --verify openssl-8.4.patch.asc
-
-b) Apply the patch. Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile the operating system using buildworld and installworld as
-described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
-
-Restart all deamons using the library, or reboot the system.
-
-VI. Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/8/ r273151
-releng/8.4/ r273416
-stable/9/ r273151
-releng/9.1/ r273415
-releng/9.2/ r273415
-releng/9.3/ r273415
-stable/10/ r273149
-releng/10.0/ r273415
-releng/10.1/ r273399
-- -------------------------------------------------------------------------
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
-
-VII. References
-
-<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513>
-
-<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
-
-<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567>
-
-<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568>
-
-The latest revision of this advisory is available at
-<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc>
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08
-Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+
-RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T
-Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu
-zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G
-Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG
-o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx
-9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0
-nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh
-89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk
-ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU
-cZ84y1sCp0qHtTqKuak9
-=ywze
------END PGP SIGNATURE-----