Diffstat (limited to 'share/security/advisories/FreeBSD-SA-20:33.openssl.asc')
1 files changed, 144 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-20:33.openssl.asc b/share/security/advisories/FreeBSD-SA-20:33.openssl.asc
new file mode 100644
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+FreeBSD-SA-20:33.openssl Security Advisory
+ The FreeBSD Project
+Topic: OpenSSL NULL pointer de-reference
+Affects: All supported versions of FreeBSD.
+Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE)
+ 2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2)
+ 2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12)
+CVE Name: CVE-2020-1971
+Note: The OpenSSL project has published publicly available patches for
+versions included in FreeBSD 12.x. This vulnerability is also known to
+affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL
+project is only giving patches for that version to premium support contract
+holders. The FreeBSD project does not have access to these patches and
+recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage
+up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project
+may update this advisory to include FreeBSD 11.4 should patches become
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+II. Problem Description
+The X.509 GeneralName type is a generic type for representing different types
+of names. One of those name types is known as EDIPartyName. OpenSSL
+provides a function GENERAL_NAME_cmp which compares different instances of a
+GENERAL_NAME to see if they are equal or not. This function behaves
+incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME.
+An attacker who is able to control both items being compared can trigger a
+NULL pointer dereference and a crash may occur leading to a possible denial
+of service attack. As an example, if an attacker can trick a client of
+server to check a maliciously constructed certificate against a malicious CRL
+could trigger the NULL dereference.
+No workaround is available.
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+Perform one of the following:
+1) To update your vulnerable system via a binary patch:
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+# freebsd-update fetch
+# freebsd-update install
+2) To update your vulnerable system via a source code patch:
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+# fetch https://security.FreeBSD.org/patches/SA-20:33/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-20:33/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+b) Apply the patch. Execute the following commands as root:
+# cd /usr/src
+# patch < /path/to/patch
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+Restart all daemons that use the library, or reboot the system.
+VI. Correction details
+The following list contains the correction revision numbers for each
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+Or visit the following URL, replacing NNNNNN with the revision number:
+The latest revision of this advisory is available at
+-----BEGIN PGP SIGNATURE-----
+-----END PGP SIGNATURE-----