629290 – (CVE-2017-3735) <dev-libs/openssl-{1.0.2m,1.1.0g}: Malformed X.509 IPAdressFamily could cause OOB read

Bug 629290 (CVE-2017-3735) - <dev-libs/openssl-{1.0.2m,1.1.0g}: Malformed X.509 IPAdressFamily could cause OOB read

Summary: <dev-libs/openssl-{1.0.2m,1.1.0g}: Malformed X.509 IPAdressFamily could cause...

Status:	RESOLVED FIXED

Alias:	CVE-2017-3735

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.openssl.org/news/secadv/2...
Whiteboard:	A3 [glsa cve blocked]
Keywords:

Depends on:	CVE-2017-3736
Blocks:
	Show dependency tree

Reported:	2017-08-29 14:01 UTC by Kristian Fiskerstrand (RETIRED)
Modified:	2017-12-14 18:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-08-29 14:01:52 UTC

OpenSSL Security Advisory [28 Aug 2017]
========================================

Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735)
===================================================================

Severity: Low

If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.

As this is a low severity fix, no release is being made. The fix can be
found in the source repository (1.0.2, 1.1.0, and master branches); see
https://github.com/openssl/openssl/pull/4276. This bug has been present
since 2006.


This issue was found by Google's OSS-Fuzz project on August 22.
The fix was developed by Rich Salz of the OpenSSL development team.

Note
====

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20170828.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

Comment 1 Larry the Git Cow gentoo-dev

2017-11-02 15:58:06 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddc7a2854b198ea1377a9b109a1d366e4c3099e0

commit ddc7a2854b198ea1377a9b109a1d366e4c3099e0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-02 15:57:41 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-02 15:57:55 +0000

    dev-libs/openssl: Bump for CVE-2017-{3735,3736}
    
    Bug: https://bugs.gentoo.org/629290
    Bug: https://bugs.gentoo.org/636264
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 dev-libs/openssl/Manifest              |   2 +
 dev-libs/openssl/openssl-1.0.2m.ebuild | 254 +++++++++++++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0g.ebuild | 240 +++++++++++++++++++++++++++++++
 3 files changed, 496 insertions(+)}

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-11-24 02:21:22 UTC

Added to an existing GLSA request.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2017-12-14 18:25:14 UTC

This issue was resolved and addressed in
 GLSA 201712-03 at https://security.gentoo.org/glsa/201712-03
by GLSA coordinator Thomas Deutschmann (whissi).