Incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This issue applies to the following versions:

1) OpenSSL 0.9.8h through 0.9.8q
2) OpenSSL 1.0.0 through 1.0.0c

The parsing function in question is already used on arbitrary data so no additional vulnerabilities are expected to be uncovered by this. However, an attacker may be able to cause a crash (denial of service) by triggering invalid memory accesses.

The results of the parse are only available to the application using OpenSSL so do not directly cause an information leak. However, some applications may expose the contents of parsed OCSP extensions, specifically an OCSP nonce extension. An attacker could use this to read the contents of memory following the ClientHello.

Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release, which contains a patch to correct this issue. If upgrading is not immediately possible, the source code patch provided in this advisory should be applied.

Neel Mehta (Google) identified the vulnerability. Adam Langley and Bodo Moeller (Google) prepared the fix.
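The out-of-bounds read described above comes from trusting the length fields inside the status_request (OCSP stapling) extension of a ClientHello. As an added example, not code from the OpenSSL project or from this bug, here is a bounds-checked parser for that extension body (RFC 6066 section 8) in C, with constructed sample inputs; the struct and function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
/* Parsed view of a status_request extension body (RFC 6066 section 8).
 * Added educational code; this is not OpenSSL's t1_lib.c. */
struct status_request {
    uint8_t status_type;            /* 1 = ocsp */
    const uint8_t *responder_ids;   /* responder_id_list entries */
    size_t responder_ids_len;
    const uint8_t *extensions;      /* DER Extensions, e.g. an OCSP nonce */
    size_t extensions_len;
};

/* Big-endian uint16; refuses to read when fewer than 2 bytes remain. */
static int read_u16(const uint8_t *p, size_t remaining, size_t *out) {
    if (remaining < 2) return -1;
    *out = ((size_t)p[0] << 8) | p[1];
    return 0;
}

/* Returns 0 on success, -1 on malformed input. Each length field is checked
 * against the bytes actually left before it is used; skipping that check is
 * what lets a malformed ClientHello drive a parser past the end of the message. */
int parse_status_request(const uint8_t *buf, size_t len,
                         struct status_request *out) {
    size_t pos = 0, n, i, idlen = 0;
    if (len < 1 || buf[0] != 1) return -1;  /* only ocsp(1) is handled */
    out->status_type = buf[pos++];
    if (read_u16(buf + pos, len - pos, &n)) return -1;  /* responder_id_list */
    pos += 2;
    if (n > len - pos) return -1;           /* claimed length exceeds buffer */
    out->responder_ids = buf + pos;
    out->responder_ids_len = n;
    for (i = 0; i < n; i += idlen) {        /* each ResponderID<1..2^16-1> */
        if (read_u16(buf + pos + i, n - i, &idlen)) return -1;
        i += 2;
        if (idlen == 0 || idlen > n - i) return -1;
    }
    pos += n;
    if (read_u16(buf + pos, len - pos, &n)) return -1;  /* request_extensions */
    pos += 2;
    if (n > len - pos) return -1;
    out->extensions = buf + pos;
    out->extensions_len = n;
    return pos + n == len ? 0 : -1;         /* trailing bytes are malformed too */
}

/* Constructed samples: a well-formed body (one ResponderID "abc", two-byte
 * Extensions blob) and one whose responder_id_list length, 0x00FF, claims
 * far more than the two bytes that actually follow it. */
static const uint8_t good_body[] = {1, 0,5, 0,3,'a','b','c', 0,2, 0xAA,0xBB};
static const uint8_t bad_body[]  = {1, 0,0xFF, 0,0};
```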
Assuming the crash is not exploitable based on "no additional vulnerabilities are expected to be uncovered by this".
1.0.0d was in the tree before this bug was filed ... 0.9.8d wasn't explicitly announced, but it's in the tree now
(In reply to comment #2)
> 1.0.0d was in the tree before this bug was filed ...
>
> 0.9.8d wasn't explicitly announced, but it's in the tree now

Thanks, Mike. Are we ok to stabilize? And are we stabilizing 0.9.8r on x86 and amd64 only?
For what it's worth, I'm using both 1.0.0d and 0.9.8d on stable amd64 systems without any issues. Tested with at least lighttpd/openssh/ktorrent2.
Arches, please stabilize:

everyone: =dev-libs/openssl-1.0.0d
just amd64 and x86: =dev-libs/openssl-0.9.8r
amd64 ok (version 1.0.0d works also on my x86 hardened)
amd64 done. Thanks, Agostino.
ppc/ppc64 stable
Tested openssl 1.0.0d on SPARC, seems to be OK. Stabilise please.
Stable for HPPA.
arm stable
Looks also good to go here on x86.
x86 stable
(In reply to comment #13)
> x86 stable

Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!
(In reply to comment #14)
> (In reply to comment #13)
> > x86 stable
>
> Fauli, it seems that you forgot to stabilize =dev-libs/openssl-0.9.8r also!

Thanks for the heads up. The CVS outage confused me. x86 done for real.
Stable on alpha.
ia64/m68k/s390/sh/sparc stable
Thanks, everyone. Added to existing GLSA request.
CVE-2011-0014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014): ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
This issue was resolved and addressed in 201110-01 at http://security.gentoo.org/glsa/glsa-201110-01.xml by GLSA coordinator Tobias Heinlein (keytoaster).