diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-14:23.openssl.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-14:23.openssl.asc | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/share/security/advisories/FreeBSD-SA-14:23.openssl.asc b/share/security/advisories/FreeBSD-SA-14:23.openssl.asc deleted file mode 100644 index 485b175515..0000000000 --- a/share/security/advisories/FreeBSD-SA-14:23.openssl.asc +++ /dev/null @@ -1,193 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-14:23.openssl Security Advisory - The FreeBSD Project - -Topic: OpenSSL multiple vulnerabilities - -Category: contrib -Module: openssl -Announced: 2014-10-21 -Affects: All supported versions of FreeBSD. -Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) - 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) - 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) - 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) - 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) - 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) - 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) - 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) - 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) - 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) - 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) - 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) -CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is -a collaborative effort to develop a robust, commercial-grade, full-featured -Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) -and Transport Layer Security (TLS v1) protocols as well as a full-strength -general purpose cryptography library. - -II. Problem Description - -A flaw in the DTLS SRTP extension parsing code allows an attacker, who -sends a carefully crafted handshake message, to cause OpenSSL to fail -to free up to 64k of memory causing a memory leak. [CVE-2014-3513]. - -When an OpenSSL SSL/TLS/DTLS server receives a session ticket the -integrity of that ticket is first verified. In the event of a session -ticket integrity check failing, OpenSSL will fail to free memory -causing a memory leak. [CVE-2014-3567]. - -The SSL protocol 3.0, as supported in OpenSSL and other products, supports -CBC mode encryption where it could not adequately check the integrity of -padding, because of the use of non-deterministic CBC padding. This -protocol weakness makes it possible for an attacker to obtain clear text -data through a padding-oracle attack. - -Some client applications (such as browsers) will reconnect using a -downgraded protocol to work around interoperability bugs in older -servers. This could be exploited by an active man-in-the-middle to -downgrade connections to SSL 3.0 even if both sides of the connection -support higher protocols. SSL 3.0 contains a number of weaknesses -including POODLE [CVE-2014-3566]. - -OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications -to block the ability for a MITM attacker to force a protocol downgrade. - -When OpenSSL is configured with "no-ssl3" as a build option, servers -could accept and complete a SSL 3.0 handshake, and clients could be -configured to send them. [CVE-2014-3568]. - -III. Impact - -A remote attacker can cause Denial of Service with OpenSSL 1.0.1 -server implementations for both SSL/TLS and DTLS regardless of -whether SRTP is used or configured. [CVE-2014-3513] - -By sending a large number of invalid session tickets an attacker -could exploit this issue in a Denial Of Service attack. -[CVE-2014-3567]. - -An active man-in-the-middle attacker can force a protocol downgrade -to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data -from the connection. [CVE-2014-3566] [CVE-2014-3568] - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 10.0] -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc -# gpg --verify openssl-10.0.patch.asc - -[FreeBSD 9.3] -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc -# gpg --verify openssl-9.3.patch.asc - -[FreeBSD 8.4, 9.1 and 9.2] -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch -# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc -# gpg --verify openssl-8.4.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. - -Restart all deamons using the library, or reboot the system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/8/ r273151 -releng/8.4/ r273416 -stable/9/ r273151 -releng/9.1/ r273415 -releng/9.2/ r273415 -releng/9.3/ r273415 -stable/10/ r273149 -releng/10.0/ r273415 -releng/10.1/ r273399 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513> - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> - -The latest revision of this advisory is available at -<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08 -Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+ -RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T -Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu -zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G -Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG -o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx -9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0 -nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh -89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk -ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU -cZ84y1sCp0qHtTqKuak9 -=ywze ------END PGP SIGNATURE----- |