diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-20:33.openssl.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-20:33.openssl.asc | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-20:33.openssl.asc b/share/security/advisories/FreeBSD-SA-20:33.openssl.asc new file mode 100644 index 0000000000..e5b703dcb6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:33.openssl.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:33.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL NULL pointer de-reference + +Category: contrib +Module: openssl +Announced: 2020-12-08 +Affects: All supported versions of FreeBSD. +Corrected: 2020-12-08 18:28:49 UTC (stable/12, 12.2-STABLE) + 2020-12-08 19:10:40 UTC (releng/12.2, 12.2-RELEASE-p2) + 2020-12-08 19:10:40 UTC (releng/12.1, 12.1-RELEASE-p12) +CVE Name: CVE-2020-1971 + +Note: The OpenSSL project has published publicly available patches for +versions included in FreeBSD 12.x. This vulnerability is also known to +affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL +project is only giving patches for that version to premium support contract +holders. The FreeBSD project does not have access to these patches and +recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage +up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project +may update this advisory to include FreeBSD 11.4 should patches become +publicly available. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a +collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit for the Transport Layer Security (TLS) protocol. It is +also a general-purpose cryptography library. + +II. Problem Description + +The X.509 GeneralName type is a generic type for representing different types +of names. One of those name types is known as EDIPartyName. OpenSSL +provides a function GENERAL_NAME_cmp which compares different instances of a +GENERAL_NAME to see if they are equal or not. This function behaves +incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. + +III. Impact + +An attacker who is able to control both items being compared can trigger a +NULL pointer dereference and a crash may occur leading to a possible denial +of service attack. As an example, if an attacker can trick a client of +server to check a maliciously constructed certificate against a malicious CRL +could trigger the NULL dereference. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:33/openssl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:33/openssl.patch.asc +# gpg --verify openssl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r368459 +releng/12.2/ r368463 +releng/12.1/ r368463 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://www.openssl.org/news/secadv/20201208.txt> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl/P6+RfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI4zQ//dy/tBaAq+kvGkWry74LzvqdZ5c0IIWH1UIrDab0wgmj8H5siP3Rpp7OB +GKtpA+gDDmIgbe80fD+L6L5LR59wBU3sfyYPIcKIbPGl4ix2C5HK7reGns1qoX+O +BFJd3gyPVeq4FD5/+btynyom8lcR//ta4dKKz2TERfd27iL8fM0AoLl+JI/axzJS +d06Z2kA0gRo528DsVRsTbiZFINfhGm8wzeXYpAxwbpnedswOeukOxTsKXrdtSAy+ +BCq5BHdBxL/z4A2QLlrsYqpQH0Ty77ueGjqrq4QPFwq7dxSMDkfzz+YeGPKAvGsU +lwyE2LlkP+531y4ueeGs5K6zRk8jDn7hJs+HfAtTy7y6d+VX9h7wRSssozC9DsV4 +87OWHkXOEj5LeDRDfrEKVLx+QBqRcOOY6mkT3mb5dB7o9bmqxtjf3CaQaA7eV7Y8 +a9QJvpO37m1ZpCC/kXACUPwmwbc5q8sjOsAcQiRAVeom6coFwDxs9u+yHX3uCLRJ +zorgaLgce/c7yLUoQ/bA1/bfuOE7qIwxK7JosZSxv59CvavAhN/hBUcuL7CPCGrP +u9LyYGPoYLXUj4CBKI7FmGkQVhNCLDhUYdvrVyRbTy3hihi1VtbFEZ8Dhipm4nL7 +Oko1LxjLb1dJiHEj9kHtNWRmhueuErxkgA+GWLlsJpjlGlC/YAU= +=5e1s +-----END PGP SIGNATURE----- |