From: Ben Laurie <ben@links.org> To: OpenSSL Announce <openssl-announce@openssl.org>, openssl-users <openssl-users@openssl.org>, OpenSSL Dev <openssl-dev@openssl.org>, Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>, Cryptography <cryptography@metzdowd.com>, full-disclosure-request@lists.grok.org.uk Date: Fri, 12 Oct 2007 12:05:48 +0100 Subject: OpenSSL Security Advisory -----BEGIN PGP SIGNED MESSAGE----- OpenSSL Security Advisory [12-Oct-2007] OpenSSL Vulnerabilities - ----------------------- Vulnerability A - --------------- Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected. We believe this flaw will permit remote code execution. This vulnerability is tracked as CVE-2007-4995. Versions Affected - ----------------- All releases of 0.9.8 prior to 0.9.8f. Recommendation - -------------- Either a) Upgrade to the latest version of OpenSSL (0.9.8f) and rebuild all packages using OpenSSL for DTLS. or, b) Disable DTLS. Vulnerability B - --------------- Moritz Jodeit found an off-by-one error in SSL_get_shared_ciphers(), a function that should normally only be used for logging or debugging. The impact of this overflow is unclear. This vulnerability is tracked as CVE-2007-5135. Versions Affected - ----------------- All releases of 0.9.8 prior to 0.9.8f. All releases of 0.9.7 prior to 0.9.7m. (Note that versions prior to 0.9.8d and 0.9.7l actually had a worse problem in the same function). Recommendation - -------------- a) Don't use SSL_get_shared_ciphers(). OR b) Upgrade to 0.9.8f. - -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRw9VDBsIDEUnGa81AQEgFAP+MBSAb2CYGHXe0eicqsn3CRVE3R384PoC 01odYyJIdzjXrmgUxKZ0zaKst2Ud2BbNZff1WUDj3oymjc5wbylE2tQLK7KsetRv hpfFwKmwbiLmhYtei+CVXOQiO+inOPeS9KbDbOqE40wrD9yMShJfpJXE7OG/Mf5t 8+l8pKLYag0= =mVOD -----END PGP SIGNATURE-----
*** Bug 195674 has been marked as a duplicate of this bug. ***
CVE-2007-5135 was adressed with GLSA 200710-06. DTLS is used only for UDP mode, so I would rate this B1 as this isn't much used compared to classic TLS for TCP. Anyway, base-system: please provide updated ebuild.
0.9.8f is now in ... gave a quick test on x86/amd64/sparc/ppc/ppc64/ia64 and it seems to be ok ...
Arches, please test and mark stable dev-libs/openssl-0.9.8f. Target "-* alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
done on x86
Created attachment 133354 [details] openssl-0.9.8f.ebuild with padlock patch support
Created attachment 133358 [details, diff] padlock engine patch for 0.9.8f ebuild
Thanks, openssl-0.9.8f.ebuild works flawlessly, including padlock static loading patch. Tested on X86 with apache, mysql, postfix, courier, ssh...
Comment on attachment 133358 [details, diff] padlock engine patch for 0.9.8f ebuild stop posting this stuff as you were already told where to take it
alpha/ia64/sparc stable
ppc64 stable
Stable for HPPA.
dev-libs/openssl-0.9.8f USE="kerberos (sse2) test zlib -bindist -emacs -gmp" 1. Emerges on AMD64. 2. No collisions and passes all tests. 3. Works. Tested with openssh and can still login remotely with both password and keys. Portage 2.1.3.9 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r2 x86_64) ================================================================= System uname: 2.6.22-gentoo-r2 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz Timestamp of tree: Tue, 02 Oct 2007 20:50:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.4.4-r5 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo http://ds.thn.htu.se/linux/gentoo" LC_ALL="en_DK.utf8" MAKEOPTS="-j6" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/php-testing /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2 gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection samba sdl session spell spl sse sse2 sse3 ssl svg tcpd test threads tiff truetype truetype-fonts type1-fonts unicode vorbis x264 xcomposite xml xorg xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="radeon" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
amd64 stable
ppc stable, ready for glsa
thanks, request filed.
GLSA 200710-30
(In reply to comment #17) > GLSA 200710-30 > As some of you noticed, the mail advisory included an error, vulnerable and unaffected versions were swapped, i.e. unaffected versions are of course >= 0.9.8f while vulnerable are < 0.9.8f, as the title says. Thanks for all of those who reported, you don't need to send me more e-mails about that now :)