ID

VAR-201705-3649

CVE

CVE-2017-3732

TITLE

OpenSSL Service disruption in (DoS) Vulnerabilities

DESCRIPTION

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2017-041-02) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 1d03d7f59dece41b97104cbe8341b812 openssl-1.0.2k-i586-1_slack14.2.txz c5e689d9ac1c1675c5059b8e7cd42594 openssl-solibs-1.0.2k-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 5e075d516ab7ccc1ef14f430e599bdef openssl-1.0.2k-x86_64-1_slack14.2.txz 110479b47a4208bcdb43fee59b9f06ca openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz Slackware -current packages: 8eca7a113cf58688dc6203c4091fd0ac a/openssl-solibs-1.0.2k-i586-1.txz 1ee03441f6409e48dda42c006ae5a7ad n/openssl-1.0.2k-i586-1.txz Slackware x86_64 -current packages: 51ed87062d6898bd50705b2c2abc2c68 a/openssl-solibs-1.0.2k-x86_64-1.txz d9e56ff59fd7aa5791bf6809ccea0f92 n/openssl-1.0.2k-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Background ========== A fast, multi-threaded, multi-user SQL database server. https://creativecommons.org/licenses/by-sa/2.5 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2k >= 1.0.2k Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k" References ========== [ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9-- . Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. This release upgrades OpenSSL to version 1.0.2.n Security Fix(es): * openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182) * openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302) * openssl: certificate message OOB reads (CVE-2016-6306) * openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055) * openssl: Truncated packet could crash via OOB read (CVE-2017-3731) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * openssl: Read/write after SSL object in error state (CVE-2017-3737) * openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 6. JIRA issues fixed (https://issues.jboss.org/): JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2568-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2568 Issue date: 2018-08-27 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ===================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64.rpm ppc64le: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.ppc64le.rpm s390x: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.5.20-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.5.20-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4QI1dzjgjWX9erEAQgiBRAApZ4yMTz6VaYwLOqGPcoQdZzEkg64CARM k1LrzpzgD6tRbaKya/LqvJvIhQlJ4LWs0AAlOM0VNrwdx8ntZ4lGHURqSM1Y14L/ TScLgA22CTbL4u+8BEOrsNCcjnp+5YALbfPv1DCdYvbRwi1J503w4ccwBfttb+1/ EaYh7nrWooa6R6qlkopmk1zprZGCgv3azYOqphcnrooeCC3ZqcBEWZNo/H1TnxWv kXfgxmZS3Rq5399umMOuWh2HDme2tO1OWTdY1+REfZh0Ex5v1rqYm/s+8d2FrEWm Oqk5Azstjt/l5OZfVg/WJd/iy1ob2m5yRUp5mhLFfkctIN/stxqbqLzO17dimdEn mhBwG/IkaGkMqQgEEZ65SXNyS+kW7hS8P4F0BuzmHIfaO3ALpCWOczyyiKHPHMng ZPYeV+roqRVeZ7TY8dfcUOh3eOKivfQBL921x4YdciCgPxBR7eRx8/aw8QL7VFot CRFMkS36Q2YqgfP9XH06AZdUEVJp/dpB1/f+EtR8e6YDdHSSgJvoV9pP0S2DhWnA o5V5efe12Jv3MQgiy5n0Ws4/mhcxthZSTcdBKQfyTsfqngCr1TTnGotN9GI1B0qe XX7pry5RkLnq/l/0T4d6JJceMnK5n/DebajHM+4B1rWQZS+4KUPDN5rYuo4OkI6L KZ2NcbK0Lfw= =5oM3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017 openssl vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39 After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [26 Jan 2017] ======================================== Truncated packet could crash via OOB read (CVE-2017-3731) ========================================================= Severity: Moderate If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team. Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) =========================================================== Severity: Moderate If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3. This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. UPDATE 31 Jan 2017. This is not true. OpenSSL 1.1.0 users should upgrade to 1.1.0d OpenSSL 1.0.2 users should upgrade to 1.0.2k This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. Montgomery multiplication may produce incorrect results (CVE-2016-7055) ======================================================================= Severity: Low This issue was previously fixed in 1.1.0c and covered in security advisory https://www.openssl.org/news/secadv/20161110.txt OpenSSL 1.0.2 users should upgrade to 1.0.2k Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20170126.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [07 Dec 2017] ======================================== Read/write after SSL object in error state (CVE-2017-3737) ========================================================== Severity: Moderate OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Design Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

OSS-Fuzz project

SOURCES

LAST UPDATE DATE

2024-11-06T21:28:41.525000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE