ID

VAR-202302-0195

CVE

CVE-2022-4450

TITLE

OpenSSL  Double release vulnerability in

DESCRIPTION

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5844-1 February 07, 2023 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203) Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304) Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2022-4450) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Marc Schönefeld discovered that OpenSSL incorrectly handled malformed PKCS7 data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0216) Kurt Roeckx discovered that OpenSSL incorrectly handled validating certain DSA public keys. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0217) Hubert Kario and Dmitry Belyavsky discovered that OpenSSL incorrectly validated certain signatures. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0401) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libssl3 3.0.5-2ubuntu2.1 Ubuntu 22.04 LTS: libssl3 3.0.2-0ubuntu1.8 Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.17 Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.21 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5844-1 CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401 Package Information: https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2.1 https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.8 https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.17 https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.21 . This advisory contains OpenShift Virtualization 4.11.6 images. Bug Fix(es): * Requested TSC frequency outside tolerance range & TSC scaling not supported (BZ#2151169) * User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" (BZ#2160673) * 4.11.4 containers (BZ#2173835) * VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193) 3. Bugs fixed (https://bugzilla.redhat.com/): 2151169 - Requested TSC frequency outside tolerance range & TSC scaling not supported 2160673 - User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" 2173835 - 4.11.4 containers 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 2218193 - VMI with x86_Icelake fail when mpx feature is missing 5. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. Description: Security Fix(es) * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 3. See https://access.redhat.com/solutions/7007647 for instructions on how to apply this hotfix, as well as for information about when the hotfix has been superseded by a permanent fix and should be removed. Important: This hotfix is a temporary fix that will be supported until 30 days after the date when the next patch release of the product is released. After the 30-day period ends, you must either update to the latest patch release and remove this hotfix to continue receiving security updates and maintain support or upgrade to a newer feature release of the product. Bugs fixed (https://bugzilla.redhat.com/): 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2023:1405-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1405 Issue date: 2023-03-22 CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Security Fix(es): * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: openssl-1.1.1k-9.el8_7.src.rpm aarch64: openssl-1.1.1k-9.el8_7.aarch64.rpm openssl-debuginfo-1.1.1k-9.el8_7.aarch64.rpm openssl-debugsource-1.1.1k-9.el8_7.aarch64.rpm openssl-devel-1.1.1k-9.el8_7.aarch64.rpm openssl-libs-1.1.1k-9.el8_7.aarch64.rpm openssl-libs-debuginfo-1.1.1k-9.el8_7.aarch64.rpm openssl-perl-1.1.1k-9.el8_7.aarch64.rpm ppc64le: openssl-1.1.1k-9.el8_7.ppc64le.rpm openssl-debuginfo-1.1.1k-9.el8_7.ppc64le.rpm openssl-debugsource-1.1.1k-9.el8_7.ppc64le.rpm openssl-devel-1.1.1k-9.el8_7.ppc64le.rpm openssl-libs-1.1.1k-9.el8_7.ppc64le.rpm openssl-libs-debuginfo-1.1.1k-9.el8_7.ppc64le.rpm openssl-perl-1.1.1k-9.el8_7.ppc64le.rpm s390x: openssl-1.1.1k-9.el8_7.s390x.rpm openssl-debuginfo-1.1.1k-9.el8_7.s390x.rpm openssl-debugsource-1.1.1k-9.el8_7.s390x.rpm openssl-devel-1.1.1k-9.el8_7.s390x.rpm openssl-libs-1.1.1k-9.el8_7.s390x.rpm openssl-libs-debuginfo-1.1.1k-9.el8_7.s390x.rpm openssl-perl-1.1.1k-9.el8_7.s390x.rpm x86_64: openssl-1.1.1k-9.el8_7.x86_64.rpm openssl-debuginfo-1.1.1k-9.el8_7.i686.rpm openssl-debuginfo-1.1.1k-9.el8_7.x86_64.rpm openssl-debugsource-1.1.1k-9.el8_7.i686.rpm openssl-debugsource-1.1.1k-9.el8_7.x86_64.rpm openssl-devel-1.1.1k-9.el8_7.i686.rpm openssl-devel-1.1.1k-9.el8_7.x86_64.rpm openssl-libs-1.1.1k-9.el8_7.i686.rpm openssl-libs-1.1.1k-9.el8_7.x86_64.rpm openssl-libs-debuginfo-1.1.1k-9.el8_7.i686.rpm openssl-libs-debuginfo-1.1.1k-9.el8_7.x86_64.rpm openssl-perl-1.1.1k-9.el8_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZBxe+dzjgjWX9erEAQh31xAAjBvbabbNmffgkC9ZxiOaOr2NJ1g4tgd8 FDNwQp6+K8Qp7JlFw4GNKN9UbDkOKxfzAdjwyeYiO+d17g8O0aFWWfUSlfKjgZPF OCyBTbpuJFrAQiOjID2SyAnWRku6KoQvSvzh7elJT+25qsTNLbk+3a3EBghSsN3p GognFsBAkX9R+2gRoaDKhKOCrqAs1vb19SYbM7SCxd9GjhLKCeKzpElgYEKUhoLt GBfJRA/C5Pnbn1DLvQY2CCxfAVIReXCRGHBM/3RsCKHTfACYDDbjUTlPSWpZzfsL g2b8PPPsEG5Yg2TPR4yOjbKT1TeSPMCQnRX19eu9az+CuvOv8QOfTYIIqxJ2niKT WqJVHTe3mc2+s6rUfGv0TIk1FxXj8sOanLVXyzyzIIBd8Z40DbPa4Lckg3IJM92A GPIGvm+4MlZm74SFAZmcI5XqJ3tNu4IaVt8vJFEVMioJl797/q6sZArgVMa9WIvT 2Cc5N6P3eR2wggBy0ImZTGP2szCYxzfVHJCP/5ArvOSJLTHGVVU5vdoFEzTye2i/ Ff7g/jeLjKVX0Pke26J2Vt2vQ/dgSatIZ0JwYjS/1lTiRWtg034pm7kyZrIKEkX9 YLalEbV/bGaB8mCkY+JkvPypMqEapbyLUw5/UbFYDKZErJh+YbfqEEDM0xAkyiKo DxAoeBXV9B4= =qsre -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.redhat.com/): JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2 6. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Summary: The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters 2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation 2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 2204461 - Adjust rsync options in DVM 2210565 - Direct migration completes with warnings, failing on DVM phase 2212528 - Rsync pod fails due to error in starting client-server protocol (code 5) 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

arbitrary

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-02-09T22:25:48.085000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE