Summary: | <dev-libs/openssl-1.0.1j: multiple vulnerabilities (CVE-2014-{3513,3567,3568}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, laen, uudruid74 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openssl.org/news/secadv_20141015.txt | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-10-15 08:06:37 UTC
Also see #525484 *** Bug 525484 has been marked as a duplicate of this bug. *** @base-system: go ahead :) There are some more DOS issues fixed, so it's not just information leakage. +*openssl-1.0.1j (15 Oct 2014) +*openssl-1.0.0o (15 Oct 2014) +*openssl-0.9.8z_p3 (15 Oct 2014) + + 15 Oct 2014; Lars Wendler <polynomial-c@gentoo.org> + +openssl-0.9.8z_p3.ebuild, -openssl-1.0.0m.ebuild, -openssl-1.0.0n.ebuild, + +openssl-1.0.0o.ebuild, +openssl-1.0.1j.ebuild, -openssl-1.0.2_beta2.ebuild, + -files/openssl-1.0.2_beta2-revert-alpha-perl-generation.patch: + Security bump (bug #525468). Fixes CVE-2014-{3513,3515,3566,3567,3568}. + Arches please test and mark stable the following list of ebuilds: =dev-libs/openssl-0.9.8z_p3 (=openssl-0.9.8zc) =dev-libs/openssl-1.0.1j Target KEYWORDS are: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux amd64 stable x86 stable Both stable on alpha. It should be noted that this does not really fix CVE-2014-3566 aka POODLE. SCSV is merely a workaround for the "protocol dance" "feature" of browsers. The real fix is to disable SSLv3. I would propose the following: The openssl ebuild should be compiled with disable-ssl3 by default and for backwards compatibility a useflag could be added ("insecure-ssl3" maybe, it should be made clear to users that SSLv3 is always risky and should be avoided). I'm currently testing openssl with ssl3 disabled on some servers, so far it seems tow Hanno, thanks for your input! I just wanted to push this issue because of the DOS vulnerabilites. Stable for HPPA. @craig fast update is fine, but I think we should consider doing more. I also just found out that OpenSSL by default not only enables SSLv3 but also the (even more broken) SSLv2. I propose the same thing: Provide a use-flag (maybe some people need it for some testing), but disable it by default. (In reply to Hanno Boeck from comment #12) > @craig fast update is fine, but I think we should consider doing more. > > I also just found out that OpenSSL by default not only enables SSLv3 but > also the (even more broken) SSLv2. I propose the same thing: Provide a > use-flag (maybe some people need it for some testing), but disable it by > default. Hanno, what you're asking for is handled in bug #510798. Please move the conversation over to that bug and maybe provide ebuild patches. stable on ppc and ppc64 *** Bug 525686 has been marked as a duplicate of this bug. *** ia64 stable sparc stable arm stable, all arches done. Maintainers, please clean up vulnerable versions for this bug and bug 519264: =dev-libs/openssl-0.9.8z_p1-r2 =dev-libs/openssl-1.0.1i This issue was resolved and addressed in GLSA 201412-39 at http://security.gentoo.org/glsa/glsa-201412-39.xml by GLSA coordinator Sean Amoss (ackle). Re-opening until vulnerable versions are dropped. CVE-2014-3513 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513): Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. CVE-2014-3568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568): OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. CVE-2014-3567 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567): Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. Cleanup superseded by bug 543552. |