===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2193
                     OpenSSL and SSLv3 vulnerabilities
                              21 August 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         NetBSD
Operating System:  NetBSD
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-4000 CVE-2015-1793 CVE-2015-1792
                   CVE-2015-1791 CVE-2015-1790 CVE-2015-1789
                   CVE-2015-1788 CVE-2015-0293 CVE-2015-0292
                   CVE-2015-0289 CVE-2015-0288 CVE-2015-0287
                   CVE-2015-0286 CVE-2015-0209 CVE-2015-0204
                   CVE-2014-8176  

Reference:         ASB-2015.0072
                   ASB-2015.0070
                   ASB-2015.0066
                   ASB-2015.0065
                   ASB-2015.0044
                   ASB-2015.0035
                   ASB-2015.0031
                   ASB-2015.0027
                   ESB-2015.2170
                   ESB-2015.2055
                   ESB-2015.1903
                   ESB-2015.1772

Original Bulletin: 
   http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc
   http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

Comment: This bulletin contains two (2) NetBSD security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------


		NetBSD Security Advisory 2015-007
		=================================

Topic:		OpenSSL and SSLv3 vulnerabilities


Version:	NetBSD-current:		source prior to Mar 19th
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected
		pkgsrc:			affected

Severity:	remote DoS, confidentiality compromise

Fixed:		NetBSD-current:		Mar 20th, 2015
		NetBSD-7 branch:	Mar 20th, 2015
		NetBSD-6-0 branch:	Mar 20th, 2015
		NetBSD-6-1 branch:	Mar 20th, 2015
		NetBSD-6 branch:	Mar 20th, 2015
		NetBSD-5-2 branch:	Mar 20th, 2015
		NetBSD-5-1 branch:	Mar 20th, 2015
		NetBSD-5 branch:	Mar 20th, 2015
		pkgsrc:			openssl-1.0.2a corrects this issue

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of Mar 19th, 2015
which lists eight different vulnerabilities that affect NetBSD releases:

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) (reclassified)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Base64 decode (CVE-2015-0292) (fixed in January without advisory)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)


Technical Details
=================

See: https://www.openssl.org/news/secadv/20150319.txt


Solutions and Workarounds
=========================

Workarounds (partial): the man-in-the-middle downgrade to weaker encryption
will not work if the server does not allow weak encryption;
this is usually configurable on the server side.
This will incidentally also protect against CVE-2015-0293.

Solution:
Update the OpenSSL libraries and restart all affected services.

If you are on NetBSD 6.x or newer:
Please note that the versions below represent fixes of the vulnerabilities
against OpenSSL 1.0.1k; in the meantime the rest of OpenSSL 1.0.1m
has been applied, and we would suggest updating to that.

If you are using NetBSD 5.x:
Please be aware that while the crypto library from the OpenSSL in
NetBSD 5.x is still ok, that is not true for the ssl library.
The newest protocol the ssl library supports is TLS 1.0,
and that is no longer considered good enough. At the same time
we cannot simply update OpenSSL on that branch to a newer version,
since all available newer ones are incompatible.
Thus we advise you to use OpenSSL from pkgsrc for all uses
where you actually want secure SSL connections.
Programs in base that use libssl are: amd, pkgtools, postfix,
hostapd, wpa_supplicant, httpd and the ldap client.
In cases where you use the encrypted communications feature of
these programs across an untrusted medium, using replacements
from pkgsrc is recommended as well.


From source:
+-----------
Update src and rebuild and install.

Changed files:
relative to src/crypto/external/bsd/openssl/dist:
File				HEAD	netbsd-7
+-------------------------------------------------------
crypto/asn1/a_type.c		1.2	1.1.1.1.26.2
crypto/asn1/tasn_dec.c		1.2	1.1.1.2.22.2
crypto/pkcs7/pk7_doit.c		1.2	1.1.1.5.2.1
crypto/pkcs7/pk7_lib.c		1.2	1.1.1.2.22.1
doc/crypto/d2i_X509.pod		1.2	1.1.1.2.26.1
ssl/s2_lib.c			1.3	1.1.1.2.2.2
ssl/s2_srvr.c			1.2	1.1.1.4.10.2

File				netbsd-6	netbsd-6-1	netbsd-6-0
+-------------------------------------------------------------------------------
crypto/asn1/a_type.c		1.1.1.1.8.2	1.1.1.1.22.2	1.1.1.1.14.2
crypto/asn1/tasn_dec.c		1.1.1.2.4.2	1.1.1.2.18.2	1.1.1.2.10.2
crypto/pkcs7/pk7_doit.c		1.1.1.3.4.3	1.1.1.3.4.1.6.2	1.1.1.3.4.1.4.2
crypto/pkcs7/pk7_lib.c		1.1.1.2.4.1	1.1.1.2.18.1	1.1.1.2.10.1
doc/crypto/d2i_X509.pod		1.1.1.2.8.1	1.1.1.2.22.1	1.1.1.2.14.1
ssl/s2_lib.c			1.1.1.1.8.3	1.1.1.1.22.3	1.1.1.1.14.3
ssl/s2_srvr.c			1.1.1.3.4.3	1.1.1.3.12.3	1.1.1.3.10.3

relative to src/crypto/dist/openssl:
File				netbsd-5	netbsd-5-2	netbsd-5-1
+-----------------------------------------------------------------------------
crypto/asn1/a_type.c		1.1.1.7.4.2	1.1.1.7.2.2	1.1.1.7.12.2
crypto/asn1/tasn_dec.c		1.8.4.3		1.8.4.1.10.2	1.8.4.1.6.2
crypto/pkcs7/pk7_doit.c		1.6.4.1		1.6.2.1		1.6.12.1
crypto/pkcs7/pk7_lib.c		1.1.1.8.4.1	1.1.1.8.2.1	1.1.1.8.12.1
doc/crypto/d2i_X509.pod		1.1.1.2.26.1	1.1.1.2.38.1	1.1.1.2.34.1
ssl/s2_lib.c			1.12.4.2	1.12.2.2	1.12.12.2
ssl/s2_srvr.c			1.9.4.3		1.9.4.1.10.2	1.9.4.1.6.2


From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
from a daily build later than the fix dates, from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
with a date later than the fix date for your branch as listed above,
and your release version and architecture
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201503XXXX00Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.

Another method, using /bin/sh:

ps ax -o pid | (while read pid; do \
        pmap $pid | egrep '(libssl|libcrypto)' && echo found $pid ;\
done)

will find non-chrooted programs that have the affected libraries open;
you will need to restart them.
sshd, ntp and named may not show up in this list, since they may
run chrooted and re-exec'ed, but they also need to be restarted.
ldd <programname> shows the shared libraries a program uses.


Thanks To
=========

Thanks to the OpenSSL development team for the advisory and fixes,
Karthikeyan Bhargavan of the PROSECCO team at INRIA for reporting
	CVE-2015-0204,
Emilia Käsper for reporting CVE-2015-0287,
Michal Zalewski (Google) for reporting CVE-2015-0289,
Robert Dugal and David Ramos for independently reporting CVE-2015-0292,
Sean Burford (Google) and Emilia Käsper (OpenSSL development team)
	for reporting CVE-2015-0293,
the BoringSSL project for detecting CVE-2015-0209,
and Brian Carpenter for reporting CVE-2015-0288.


Revision History
================

	2015-08-19	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2015, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2015-007.txt,v 1.1 2015/08/19 18:15:33 tonnerre Exp $


		NetBSD Security Advisory 2015-008
		=================================

Topic:		OpenSSL and TLS protocol vulnerabilities


Version:	NetBSD-current:		source prior to July 7th
		NetBSD 6.1 - 6.1.5:	affected
		NetBSD 6.0 - 6.0.6:	affected
		NetBSD 5.1 - 5.1.4:	affected
		NetBSD 5.2 - 5.2.2:	affected
		pkgsrc:			affected

Severity:	remote DoS, confidentiality compromise

Fixed:		NetBSD-current:		Jul 7th, 2015
		NetBSD-7 branch:	Jul 11th, 2015
		NetBSD-6-0 branch:	Jul 12th, 2015
		NetBSD-6-1 branch:	Jul 12th, 2015
		NetBSD-6 branch:	Jul 12th, 2015
		NetBSD-5-2 branch:	Aug 14th, 2015
		NetBSD-5-1 branch:	Aug 14th, 2015
		NetBSD-5 branch:	Aug 14th, 2015
		pkgsrc:			openssl-1.0.2d corrects these issues

Teeny versions released later than the fix date will contain the fix.

Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

This advisory covers the OpenSSL Security Advisory of June 11th, 2015
which lists seven different vulnerabilities that affect NetBSD releases;
also, the OpenSSL Security Advisory of July 9th, 2015 with one vulnerability
that affected only NetBSD-current:

DHE man-in-the-middle protection (Logjam, CVE-2015-4000)
Malformed ECParameters causes infinite loop (CVE-2015-1788)
Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Race condition handling NewSessionTicket (CVE-2015-1791)
Invalid free in DTLS (CVE-2014-8176)

and
Alternative chains certificate forgery (CVE-2015-1793)

Also, in NetBSD 5 a regression was introduced October 19th last year
concerning the SSL server code.


Technical Details
=================

See https://www.openssl.org/news/secadv/20150611.txt
and https://www.openssl.org/news/secadv/20150709.txt

The regression in NetBSD 5.* was due to a faulty application
of the POODLE mitigation code. It made the SSL server fail
the client handshake, except for SSLv3 and TLS1 handshakes
where RC4_MD5 was an acceptable cipher, in which case that
cipher would be used.
In summary, this caused a comparably weak cipher to be used
whenever the connection succeeded at all.

Fixing this problem provides only limited help, though:
Please be aware that while the crypto library from the OpenSSL in
NetBSD 5.x is still ok, that is not true for the ssl library.
The newest protocol the ssl library supports is TLS 1.0,
and that is no longer considered good enough. At the same time
we cannot simply update OpenSSL on that branch to a newer version,
since all available newer ones are incompatible.


Solutions and Workarounds
=========================

Solution:
Update the OpenSSL libraries and restart all affected services.

Users of NetBSD 5.*:
Please consider using OpenSSL from pkgsrc for all uses where you
actually want secure SSL connections.
Programs in base that use libssl are: amd, pkgtools, postfix, hostapd,
wpa_supplicant, httpd and the ldap client.
In cases where you use the encrypted communications feature of
these programs across an untrusted medium, using replacements
from pkgsrc is recommended as well.


From source:
+-----------
Update src and rebuild and install.

For NetBSD-6*, NetBSD-7* and NetBSD-current:
cvs update -dP -r <branch> crypto/external/bsd/openssl

From tarballs:
+-------------
To obtain fixed binaries, fetch the appropriate base.tgz and comp.tgz
from a daily build later than the fix dates, from
http://nyftp.netbsd.org/pub/NetBSD-daily/<rel>/<date>/<arch>/binary/sets/
with a date later than the fix date for your branch as listed above,
and your release version and architecture
(e.g. http://nyftp.netbsd.org/pub/NetBSD-daily/netbsd-6-1/201503XXXX00Z/amd64/binary/sets/),
and then extract the files:

Shared libraries:

tar xzpf base.tgz \*libssl\* \*libcrypto\*

And static libraries and linker config files:

tar xzpf comp.tgz \*libssl\* \*libcrypto\*

Get the fixed library into use
+-----------------------------
Since the vulnerability is in a shared library, getting the old
library purged and the fixed one into use requires restarting
all programs that load libssl.
The easiest way to do this is to reboot the system.

Another method, using /bin/sh:

ps ax -o pid | (while read pid; do \
        pmap $pid | egrep '(libssl|libcrypto)' && echo found $pid ;\
done)

will find non-chrooted programs that have the affected libraries open;
you will need to restart them.
sshd, ntp and named may not show up in this list, since they may
run chrooted and re-exec'ed, but they also need to be restarted.
ldd <programname> shows the shared libraries a program uses.
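The following script is an added example, not part of either NetBSD advisory; it wraps the pmap/ldd procedure from the "Get the fixed library into use" sections of both advisories into a reusable form whose matching logic can be exercised offline on constructed input. It assumes NetBSD's ps(1), pmap(1) and ldd(1); the daemon binary paths and the pid 4242 sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the NetBSD advisories): list processes that still have
# libssl or libcrypto mapped and so must be restarted after the library update.
# Assumes NetBSD ps(1), pmap(1) and ldd(1); daemon paths below are assumptions.

# Text filter: read pmap(1)-style output for process $1 on stdin and print
# "pid<TAB>library" once per distinct libssl/libcrypto object that is mapped.
affected_libs() {
    awk -v pid="$1" '
        # the mapped object path is the last field; keep OpenSSL libraries only
        $NF ~ /lib(ssl|crypto)\.so/ { n = split($NF, p, "/"); seen[p[n]] = 1 }
        END { for (l in seen) printf "%s\t%s\n", pid, l }
    ' | sort
}

# Walk all processes (the "PID" header line from ps is skipped) and report the
# ones with affected libraries mapped. Needs a real NetBSD host to run.
scan_processes() {
    ps ax -o pid | while read -r pid; do
        case "$pid" in *[!0-9]*|"") continue ;; esac
        pmap "$pid" 2>/dev/null | affected_libs "$pid"
    done
}

# Chrooted or re-exec'ed daemons (sshd, ntp, named per the advisory) may be
# missing from pmap output, so check their binaries with ldd(1) instead.
check_daemon_binaries() {
    for bin in /usr/sbin/sshd /usr/sbin/ntpd /usr/sbin/named; do  # assumed paths
        [ -x "$bin" ] || continue
        if ldd "$bin" 2>/dev/null | grep -Eq 'lib(ssl|crypto)\.so'; then
            printf '%s\tlinks libssl/libcrypto; restart it if running\n' "$bin"
        fi
    done
}

# Constructed pmap-style output for a hypothetical pid 4242 (offline demo only).
SAMPLE_PMAP='7F7FF7E00000     28K read/exec          /usr/lib/libcrypto.so.8.3
7F7FF7F00000      8K read/write         /usr/lib/libcrypto.so.8.3
7F7FF7F10000     12K read/exec          /usr/lib/libssl.so.10.1
7F7FF7F20000      4K read/write         [ anon ]
7F7FF7F30000    120K read/exec          /lib/libc.so.12.193'

# Run the filter over the constructed sample: duplicate mappings of the same
# library collapse to one line, and non-OpenSSL objects are ignored.
demo() {
    printf '%s\n' "$SAMPLE_PMAP" | affected_libs 4242
}

# On a NetBSD host run: scan_processes; check_daemon_binaries
demo
```

Each reported pid (and each ldd-flagged daemon binary) needs a restart; only the chrooted daemons require the ldd check, since pmap will not show their mappings.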


Thanks To
=========

Thanks to the OpenSSL development team for the advisory and fixes.
OpenSSL also credits:
Joseph Birr-Pixton for reporting CVE-2015-1788
Robert Swiecki (Google) and Hanno Böck for reporting CVE-2015-1789
Michal Zalewski (Google) for reporting CVE-2015-1790
Johannes Bauer for reporting CVE-2015-1792
Praveen Kariyanahalli, Ivan Fratric (Google) and Felix Groebert (Google)
	for reporting CVE-2014-8176
Adam Langley (Google/BoringSSL), David Benjamin (Google/BoringSSL) for
	reporting CVE-2015-1793

Revision History
================

	2015-08-19	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .


Copyright 2015, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2015-008.txt,v 1.1 2015/08/19 18:15:33 tonnerre Exp $


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================