On March 19th 2015 the OpenSSL team will release updated versions of OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2 that fix several security issues. Lars is going to prepare patched ebuilds.
Note that the worst issues only affect OpenSSL 1.0.2 which is not stable on Gentoo.
*** Bug 543600 has been marked as a duplicate of this bug. ***
*** Bug 543766 has been marked as a duplicate of this bug. ***
CCing ago, getting ready for rapid stabilization as soon as new ebuilds are in tree.
Public via http://openssl.org/news/secadv_20150319.txt.
+*openssl-1.0.2-r3 (19 Mar 2015) +*openssl-1.0.1l-r1 (19 Mar 2015) + + 19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org> + +openssl-1.0.1l-r1.ebuild, +openssl-1.0.2-r3.ebuild, + +files/openssl-1.0.1l-CVE-2015-0286.patch, + +files/openssl-1.0.2-CVE-2015-0291.patch: + Security bump (bug #543552). + 0.9.8z_p5-r1 will take a bit longer due to massive refactoring of the patch.
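Review bot: the two patch files added in this entry are each named for a single CVE (files/openssl-1.0.1l-CVE-2015-0286.patch and files/openssl-1.0.2-CVE-2015-0291.patch), while the entry text says only "Security bump (bug #543552)". If these files carry more than the one fix in their name, list the CVEs they cover in the entry text or name the files after the advisory, so that a reader of the ChangeLog can tell which issues the -r1 and -r3 revisions address without opening the patches.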
New upstream versions are available now too:

https://www.openssl.org/source/
https://www.openssl.org/source/openssl-0.9.8zf.tar.gz
https://www.openssl.org/source/openssl-1.0.0r.tar.gz
https://www.openssl.org/source/openssl-1.0.1m.tar.gz
https://www.openssl.org/source/openssl-1.0.2a.tar.gz
+*openssl-0.9.8z_p5-r1 (19 Mar 2015) + + 19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org> + +openssl-0.9.8z_p5-r1.ebuild, +files/openssl-0.9.8ze-CVE-2015-0286.patch: + Security bump (bug #543552). +
(In reply to Zoltán Halassy from comment #7)
> New upstream versions are available now too:
>
> https://www.openssl.org/source/
> https://www.openssl.org/source/openssl-0.9.8zf.tar.gz
> https://www.openssl.org/source/openssl-1.0.0r.tar.gz
> https://www.openssl.org/source/openssl-1.0.1m.tar.gz
> https://www.openssl.org/source/openssl-1.0.2a.tar.gz

Upstream completely refactored their code so we need to adjust our patches first. Backporting the security patches was faster.
Stable for alpha/amd64/arm/ia64/ppc/ppc64/s390/sh/sparc/x86
the openssl advisory mentions 14 vulns, the current 1.0.2-r3 ebuild only patches one as far as I can see (judging from the patch names). Are the other vulns all patched? I understand it was faster to backport the patches, but I would feel more comfortable if we could quickly move to the upstream releases. (On the medium term it would probably be a good idea to upstream more of the gentoo-specific patches.)
(In reply to Hanno Boeck from comment #10)
> the openssl advisory mentions 14 vulns, the current 1.0.2-r3 ebuild only
> patches one as far as I can see (judging from the patch names).
> Are the other vulns all patched? I understand it was faster to backport the
> patches, but I would feel more comfortable if we could quickly move to the
> upstream releases. (On the medium term it would probably be a good idea to
> upstream more of the gentoo-specific patches.)

Yes, all the vulns are patched. ebuilds for the new upstream releases are being worked on but treated outside of this security bug.
Stable for HPPA.
*** Bug 541502 has been marked as a duplicate of this bug. ***
*** Bug 542038 has been marked as a duplicate of this bug. ***
This issue was resolved and addressed in GLSA 201503-11 at https://security.gentoo.org/glsa/201503-11 by GLSA coordinator Kristian Fiskerstrand (K_F).
Reopening for cleanup
+*openssl-1.0.2a (19 Mar 2015) +*openssl-1.0.1m (19 Mar 2015) +*openssl-1.0.0r (19 Mar 2015) +*openssl-0.9.8z_p6 (19 Mar 2015) + + 19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org> + -openssl-0.9.8z_p1-r2.ebuild, -openssl-0.9.8z_p2.ebuild, + -openssl-0.9.8z_p3.ebuild, -openssl-0.9.8z_p4.ebuild, + -openssl-0.9.8z_p5.ebuild, +openssl-0.9.8z_p6.ebuild, -openssl-1.0.0q.ebuild, + +openssl-1.0.0r.ebuild, -openssl-1.0.1j.ebuild, -openssl-1.0.1k.ebuild, + -openssl-1.0.1l.ebuild, +openssl-1.0.1m.ebuild, -openssl-1.0.2-r1.ebuild, + -openssl-1.0.2-r2.ebuild, +openssl-1.0.2a.ebuild, + -files/openssl-1.0.0e-x32.patch, +files/openssl-1.0.0r-x32.patch, + +files/openssl-1.0.1m-ipv6.patch, +files/openssl-1.0.1m-parallel-build.patch, + +files/openssl-1.0.1m-s_client-verify.patch, +files/openssl-1.0.1m-x32.patch, + +files/openssl-1.0.2a-parallel-build.patch: + Version bump. Removed old. +
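Review bot: the entry text "Version bump. Removed old." carries no bug reference, unlike the two earlier entries of the same date, which cite bug #543552. Since this entry also removes the superseded ebuilds (for example -openssl-1.0.1l.ebuild and -openssl-1.0.2-r2.ebuild), adding the bug number would tie both the bump and the removals to the security fix for anyone reading the ChangeLog later.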
Thanks Lars! Closed.
Ok, nice, upstream released 1.0.1m (M!) and 1.0.1l (L) has been marked stable, which only added build fixes for some obscure archs. The NSA is proud of you ;)
(In reply to Rolf Eike Beer from comment #19)
> Ok, nice, upstream released 1.0.1m (M!) and 1.0.1l (L) has been marked
> stable, which only added build fixes for some obscure archs. The NSA is
> proud of you ;)

Rolf Eike, sorry to disappoint you, but we backported the patches for 1.0.1m to 1.0.1l-r1 (note "revision 1") before the new release was even public. Feel free to look at the actual ebuilds and patches.
CVE-2015-1787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787): The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.
CVE-2015-0293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293): The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
CVE-2015-0292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292): Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
CVE-2015-0291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291): The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
CVE-2015-0290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290): The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.
CVE-2015-0289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289): The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
CVE-2015-0288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288): The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
CVE-2015-0287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287): The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
CVE-2015-0286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0286): The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
CVE-2015-0285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285): The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
CVE-2015-0209 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209): Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
CVE-2015-0208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208): The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.
CVE-2015-0207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207): The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
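The reply to comment #19 above turns on the fact that an upstream version letter alone does not say whether a distribution package carries the fixes. As an added example (not part of this bug report or of Gentoo's tooling), the following Python code classifies version strings against the fixed-in releases named in the CVE text and treats the three backported revisions named in this bug as patched. The mapping of Gentoo's `_pN` suffix to an upstream letter is an assumption inferred from the ebuild and patch names above, and the sample list is constructed.

```python
import re

# Fixed-in letter per branch, from the CVE text above
# (0.9.8zf, 1.0.0r, 1.0.1m, 1.0.2a).
FIXED_IN = {"0.9.8": "zf", "1.0.0": "r", "1.0.1": "m", "1.0.2": "a"}

# Gentoo revisions that this bug reports as carrying the backported fixes.
BACKPORTED = {"0.9.8z_p5-r1", "1.0.1l-r1", "1.0.2-r3"}

_VERSION = re.compile(r"^(\d+\.\d+\.\d+)([a-z]*)(?:_p(\d+))?(?:-r\d+)?$")


def letter_rank(suffix):
    """Sort key for OpenSSL letters: '' < a < ... < z < za < zb ..."""
    return (len(suffix), suffix)


def upstream_letters(letters, patchlevel):
    """Assumption: Gentoo's 'z_pN' stands for upstream 'z' plus the Nth letter."""
    if patchlevel is None:
        return letters
    return letters + chr(ord("a") + int(patchlevel) - 1)


def status(version):
    """Return 'patched-backport', 'fixed', 'unpatched' or 'unknown'."""
    if version in BACKPORTED:
        return "patched-backport"
    m = _VERSION.match(version)
    if not m or m.group(1) not in FIXED_IN:
        return "unknown"
    suffix = upstream_letters(m.group(2), m.group(3))
    if letter_rank(suffix) >= letter_rank(FIXED_IN[m.group(1)]):
        return "fixed"
    return "unpatched"


# Constructed sample of package versions, not taken from a real system.
SAMPLE = ["1.0.1l", "1.0.1l-r1", "1.0.1m", "0.9.8z_p5", "0.9.8z_p6",
          "1.0.2-r2", "1.0.2-r3", "1.0.2a", "1.1.0"]


def audit(versions):
    """Map each version string to its status."""
    return {v: status(v) for v in versions}


if __name__ == "__main__":
    for version, result in audit(SAMPLE).items():
        print(f"{version:12} {result}")
```

A check that compares only the upstream letter reports 1.0.1l-r1 as unpatched, which is why the backported revisions are matched by exact package version before any letter comparison.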