FreshPorts - VuXML

The OpenSSL team reports:

• Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)
• Malformed ECParameters causes infinite loop (CVE-2015-1788)
• Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
• PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)
• CMS verify infinite loop with unknown hash function (CVE-2015-1792)
• Race condition handling NewSessionTicket (CVE-2015-1791)
• Invalid free in DTLS (CVE-2014-8176)

< 1.0.2_2

ge 1.0.1 lt 1.0.2b

< 1.0.1e_6

< 2.1.7

ge 10.1 lt 10.1_12

ge 9.3 lt 9.3_16

ge 8.4 lt 8.4_30

The OpenSSL Project reports:

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].

ge 1.0.1 lt 1.0.1_16

ge 1.0.1 lt 1.0.1j

< 1.0.1e_1

ge 8.4 lt 8.4_17

ge 9.1 lt 9.1_20

ge 9.2 lt 9.2_13

ge 9.3 lt 9.3_3

ge 10.0 lt 10.0_10

OpenSSL project reports:

1. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
2. Certificate verify crash with missing PSS parameter (CVE-2015-3194)
3. X509_ATTRIBUTE memory leak (CVE-2015-3195)
4. Race condition handling PSK identify hint (CVE-2015-3196)
5. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

< 1.0.2_5

ge 1.0.1 lt 1.0.2e

< 1.0.1e_7

ge 10.2 lt 10.2_8

ge 10.1 lt 10.1_25

ge 9.3 lt 9.3_31

OpenSSL project reports:

1. Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk. (CVE-2016-0701)
2. A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197)

< 1.0.2_7

ge 1.0.1 lt 1.0.2f

ge 10.2 lt 10.2_12

ge 10.1 lt 10.1_29

ge 9.3 lt 9.3_36

OpenSSL project reports:

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

no-ssl3 configuration sets method to NULL (CVE-2014-3569)

ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

DH client certificates accepted without verification [Server] (CVE-2015-0205)

Certificate fingerprints can be modified (CVE-2014-8275)

Bignum squaring may produce incorrect results (CVE-2014-3570)

ge 1.0.1 lt 1.0.1_17

ge 1.0.1 lt 1.0.1k

< 1.0.1e_3

ge 10.1 lt 10.1_4

ge 10.0 lt 10.0_16

ge 9.3 lt 9.3_8

ge 8.4 lt 8.4_22

OpenSSL project reports:

• Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204). OpenSSL only.
• Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
• ASN.1 structure reuse memory corruption (CVE-2015-0287)
• PKCS#7 NULL pointer dereferences (CVE-2015-0289)
• Base64 decode (CVE-2015-0292). OpenSSL only.
• DoS via reachable assert in SSLv2 servers (CVE-2015-0293). OpenSSL only.
• Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
• X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

ge 1.0.1 lt 1.0.1_19

ge 1.0.1 lt 1.0.1m

< 1.0.1e_4

le 2.1.5_1

ge 10.1 lt 10.1_8

ge 9.3 lt 9.3_12

ge 8.4 lt 8.4_26