ID

VAR-201605-0079

CVE

CVE-2016-2109

TITLE

OpenSSL ASN.1 BIO Implementing a denial of service vulnerability

DESCRIPTION

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE) 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2) 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16) 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33) 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE) 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41) CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. II. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. III. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart all daemons that use the library, or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons that use the library, or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.x] # fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch # fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc # gpg --verify openssl-10.patch.asc [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc # fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc # gpg --verify openssl-9.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons that use the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2j >= 1.0.2j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j" References ========== [ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz Then, reboot the machine or restart any network services that use OpenSSL. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05320149 Version: 1 HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-10-26 Last Updated: 2016-10-26 Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. References: - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information - CVE-2016-2106 - OpenSSL, Denial of Service (DoS) - CVE-2016-2109 - OpenSSL, Denial of Service (DoS) - CVE-2016-2105 - OpenSSL, Denial of Service (DoS) - CVE-2016-3739 - cURL and libcurl, Remote code execution - CVE-2016-5388 - "HTTPoxy", Apache Tomcat - CVE-2016-5387 - "HTTPoxy", Apache HTTP Server - CVE-2016-5385 - "HTTPoxy", PHP - CVE-2016-4543 - PHP, multiple impact - CVE-2016-4071 - PHP, multiple impact - CVE-2016-4072 - PHP, multiple impact - CVE-2016-4542 - PHP, multiple impact - CVE-2016-4541 - PHP, multiple impact - CVE-2016-4540 - PHP, multiple impact - CVE-2016-4539 - PHP, multiple impact - CVE-2016-4538 - PHP, multiple impact - CVE-2016-4537 - PHP, multiple impact - CVE-2016-4343 - PHP, multiple impact - CVE-2016-4342 - PHP, multiple impact - CVE-2016-4070 - PHP, Denial of Service (DoS) - CVE-2016-4393 - PSRT110263, XSS vulnerability - CVE-2016-4394 - PSRT110263, HSTS vulnerability - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow - PSRT110145 - PSRT110263 - PSRT110115 - PSRT110116 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE System Management Homepage - all versions prior to v7.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2105 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2106 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2107 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2016-2109 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-3739 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) CVE-2016-4070 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-4071 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4072 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4342 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C) CVE-2016-4343 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-4393 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) CVE-2016-4394 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE-2016-4395 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4396 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N) CVE-2016-4537 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4538 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4539 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4540 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4541 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4542 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-4543 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2016-5385 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5387 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE-2016-5388 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 * Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com RESOLUTION HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH). Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations: * <https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html> HISTORY Version:1 (rev.1) - 26 October 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. References: - CVE-2016-2105 - openssl - CVE-2016-2106 - openssl - CVE-2016-2107 - openssl - CVE-2016-2108 - openssl - CVE-2016-2109 - openssl - CVE-2016-2176 - openssl SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842) * This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185) * This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6. OpenSSL Security Advisory [3rd May 2016] ======================================== Memory corruption in the ASN.1 encoder (CVE-2016-2108) ====================================================== Severity: High This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug. However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures. Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations. Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities. OpenSSL 1.0.2 users should upgrade to 1.0.2c OpenSSL 1.0.1 users should upgrade to 1.0.1o This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact. The fix for the "negative zero" memory corruption bug can be identified by commits 3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1) Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) ====================================================== Severity: High A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team. EVP_EncodeUpdate overflow (CVE-2016-2105) ========================================= Severity: Low An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications. These internal uses are not considered vulnerable because all calls are bounded with length checks so no overflow is possible. User applications that call these APIs directly with large amounts of untrusted data may be vulnerable. (Note: Initial analysis suggested that the PEM_write_bio* were vulnerable, and this is reflected in the patch commit message. This is no longer believed to be the case). OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. EVP_EncryptUpdate overflow (CVE-2016-2106) ========================================== Severity: Low An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur. This could still represent a security issue for end user code that calls this function directly. OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are *not* affected. Since the memory based functions are used by the TLS library, TLS applications are not affected. OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team. EBCDIC overread (CVE-2016-2176) =============================== Severity: Low ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20160503.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

AFFECTED PRODUCTS