-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3042
                  OpenSSL Security Advisory [3 Dec 2015]
                              7 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         OpenSSL
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Privileged Data   -- Existing Account            
                   Denial of Service        -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3196 CVE-2015-3195 CVE-2015-3194
                   CVE-2015-3193 CVE-2015-1794 

Original Bulletin: 
   https://www.openssl.org/news/secadv/20151203.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015] 
=============================================================

[Updated 4 Dec 2015]: This advisory has been updated to include the details of
CVE-2015-1794, a Low severity issue affecting OpenSSL 1.0.2 which had a fix 
included in the released packages but was missed from the advisory text.

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) 
==================================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
No EC algorithms are affected. Analysis suggests that attacks against RSA and
DSA as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although 
very difficult) because most of the work necessary to deduce information about
a private key may be performed offline. The amount of resources required for 
such an attack would be very significant and likely only accessible to a 
limited number of attackers. An attacker would additionally need online access
to an unpatched system using the target private key in a scenario with 
persistent DH parameters and a private key that is shared between multiple 
clients. For example this can occur by default in OpenSSL DHE based SSL/TLS 
ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix 
was developed by Andy Polyakov of the OpenSSL development team.
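A carry-propagation defect in limb-level arithmetic is invisible to ordinary
functional tests, which is why fuzzing and differential testing find this class
of bug. The Python below is added here as an illustration; it is not part of the
advisory and not OpenSSL's code. It implements word-by-word (CIOS) Montgomery
multiplication with every carry split out explicitly, builds modular
exponentiation on top of it (the squaring step is where CVE-2015-3193 sat), and
checks the result against Python's built-in pow() on random moduli and on
carry-stressing operands (all-ones limbs, values just under the modulus). The
limb width W, the stress inputs and the trial counts are this example's own
choices.

```python
import random

W = 64                  # limb width; the affected OpenSSL path is the 64-bit x86_64 one
MASK = (1 << W) - 1


def to_limbs(x, n):
    """Little-endian W-bit limbs of x, zero-padded to n limbs."""
    return [(x >> (W * i)) & MASK for i in range(n)]


def from_limbs(limbs):
    return sum(l << (W * i) for i, l in enumerate(limbs))


def mont_mul(a, b, m, m0inv, n):
    """CIOS Montgomery product a*b*R^-1 mod m on n-limb operands, R = 2^(W*n).
    m0inv is -m^-1 mod 2^W. Every (carry, sum) split is explicit; a mistake in
    one of these carries is the class of defect CVE-2015-3193 describes."""
    t = [0] * (n + 2)
    for i in range(n):
        c = 0
        for j in range(n):                 # t += a * b[i]
            s = t[j] + a[j] * b[i] + c
            t[j], c = s & MASK, s >> W
        s = t[n] + c
        t[n], t[n + 1] = s & MASK, s >> W
        u = (t[0] * m0inv) & MASK          # choose u so that t + u*m is divisible by 2^W
        s = t[0] + u * m[0]
        c = s >> W
        for j in range(1, n):              # t = (t + u*m) / 2^W, shifting limbs down
            s = t[j] + u * m[j] + c
            t[j - 1], c = s & MASK, s >> W
        s = t[n] + c
        t[n - 1], c = s & MASK, s >> W
        t[n] = t[n + 1] + c
        t[n + 1] = 0
    r = from_limbs(t[:n + 1])              # result is < 2m; one conditional subtraction
    mod = from_limbs(m)
    if r >= mod:
        r -= mod
    return to_limbs(r, n)


def mont_exp(base, exp, mod):
    """base^exp mod mod using only mont_mul for the arithmetic (mod must be odd)."""
    if mod & 1 == 0:
        raise ValueError("Montgomery arithmetic needs an odd modulus")
    n = (mod.bit_length() + W - 1) // W
    R = 1 << (W * n)
    m = to_limbs(mod, n)
    m0inv = (-pow(mod & MASK, -1, 1 << W)) & MASK
    x = to_limbs(base % mod * R % mod, n)  # base in Montgomery form
    acc = to_limbs(R % mod, n)             # 1 in Montgomery form
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, m, m0inv, n)      # squaring step
        if bit == "1":
            acc = mont_mul(acc, x, m, m0inv, n)    # multiply step
    return from_limbs(mont_mul(acc, to_limbs(1, n), m, m0inv, n))  # leave Montgomery form


def differential_test(trials=100, bits=256, seed=1):
    """Compare mont_exp with Python's pow() on random moduli and carry-stressing
    bases. Returns the number of mismatches; anything but 0 means a bug."""
    rng = random.Random(seed)
    mismatches = 0
    for _ in range(trials):
        mod = rng.getrandbits(bits) | (1 << (bits - 1)) | 1          # odd, full-width
        stress = [rng.getrandbits(bits), (1 << bits) - 1, mod - 1, mod - 2, MASK]
        base = rng.choice(stress)
        exp = rng.getrandbits(bits)
        if mont_exp(base, exp, mod) != pow(base, exp, mod):
            mismatches += 1
    return mismatches


if __name__ == "__main__":
    print("mismatches:", differential_test())
```

The same comparison can be run against a native library by calling its modular
exponentiation through bindings and checking the answer against pow(); the
inputs that matter are the boundary ones (all-ones limbs, moduli with the top
bit set), not uniformly random values. A check like this is cheap enough to run
on every build of the bignum code, but it does not replace review of the
hand-written assembly.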

Certificate verify crash with missing PSS parameter (CVE-2015-3194) 
===================================================================

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference
if presented with an ASN.1 signature using the RSA PSS algorithm and absent 
mask generation function parameter. Since these routines are used to verify 
certificate signature algorithms this can be used to crash any certificate 
verification operation and exploited in a DoS attack. Any application which 
performs certificate verification is vulnerable including OpenSSL clients and
servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loic Jonas Etienne 
(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL 
development team.
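The failure described above is a decoder that assumes an OPTIONAL field is
present. RFC 4055 defines RSASSA-PSS-params as a SEQUENCE of four explicitly
tagged, optional fields (hashAlgorithm, maskGenAlgorithm, saltLength,
trailerField), each with a DEFAULT, and MGF1 carries its own hash algorithm as a
parameter. The Python below is an added example, not OpenSSL's code and not part
of the advisory: a minimal DER reader plus a decoder for these parameters that
applies the defaults when a field is absent and rejects, with an exception
rather than a crash, an MGF1 AlgorithmIdentifier whose parameter is missing. The
encoder pss_params() exists only to construct the test inputs, including the
malformed shape; the OID byte strings are the standard DER encodings.

```python
# DER-encoded OID contents (tag and length stripped), from RFC 3447 / RFC 4055
OID = {
    "sha1":    bytes.fromhex("2b0e03021a"),
    "sha256":  bytes.fromhex("608648016503040201"),
    "id-mgf1": bytes.fromhex("2a864886f70d010108"),
}
NAME = {v: k for k, v in OID.items()}


def tlv(tag, body):
    """Minimal DER TLV encoder (short-form length is enough for these structures)."""
    if len(body) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(body)]) + body


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + ln > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos:pos + ln], pos + ln


def alg_id(oid, params=b""):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    return tlv(0x30, tlv(0x06, oid) + params)


def decode_alg_id(body):
    """Decode the contents of an AlgorithmIdentifier SEQUENCE -> (name, raw parameters)."""
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return NAME.get(oid, oid.hex()), body[pos:]


def pss_params(hash_oid=None, mgf=None, salt_len=None):
    """Constructed RSASSA-PSS-params for testing. An argument left None omits that
    field, so the decoder has to apply the RFC 4055 DEFAULT. mgf=b'' emits MGF1
    whose own parameter (the hash) is absent: the shape the advisory describes."""
    parts = b""
    if hash_oid is not None:
        parts += tlv(0xA0, alg_id(hash_oid, tlv(0x05, b"")))            # [0] hashAlgorithm
    if mgf is not None:
        mgf_p = alg_id(mgf, tlv(0x05, b"")) if mgf else b""
        parts += tlv(0xA1, alg_id(OID["id-mgf1"], mgf_p))               # [1] maskGenAlgorithm
    if salt_len is not None:
        parts += tlv(0xA2, tlv(0x02, bytes([salt_len])))                # [2] saltLength
    return tlv(0x30, parts)


def decode_pss_params(der):
    """Decode RSASSA-PSS-params, applying defaults for absent fields and rejecting
    (with ValueError, never a crash) parameter sets that cannot be used."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("RSASSA-PSS-params must be a SEQUENCE")
    out = {"hash": "sha1", "mgf": "id-mgf1", "mgf_hash": "sha1", "salt_len": 20, "trailer": 1}
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        _, inner, _ = read_tlv(val, 0)            # strip the EXPLICIT context tag
        if tag == 0xA0:
            out["hash"], _ = decode_alg_id(inner)
        elif tag == 0xA1:
            mgf, mgf_p = decode_alg_id(inner)
            if mgf != "id-mgf1":
                raise ValueError("unsupported mask generation function %s" % mgf)
            if not mgf_p:
                raise ValueError("MGF1 parameter (hash algorithm) absent")
            _, hash_body, _ = read_tlv(mgf_p, 0)
            out["mgf_hash"], _ = decode_alg_id(hash_body)
            out["mgf"] = mgf
        elif tag == 0xA2:
            out["salt_len"] = int.from_bytes(inner, "big", signed=True)
        elif tag == 0xA3:
            out["trailer"] = int.from_bytes(inner, "big", signed=True)
        else:
            raise ValueError("unexpected element 0x%02x in RSASSA-PSS-params" % tag)
    if out["salt_len"] < 0 or out["trailer"] != 1:
        raise ValueError("invalid saltLength or trailerField")
    return out


def pss_params_usable(der):
    """True if the parameters decode cleanly, False if they are rejected."""
    try:
        decode_pss_params(der)
        return True
    except ValueError:
        return False
```

The point to carry over to any verifier is that "absent" is a legal encoding for
every one of these fields and must map to the RFC default, while an MGF1
identifier with no hash parameter is malformed and must be refused before any
pointer to that parameter is followed. A certificate chain is attacker-supplied
input to every client and to every server doing client authentication, so the
decoder has to treat both cases as ordinary, not exceptional, paths.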

X509_ATTRIBUTE memory leak (CVE-2015-3195) 
==========================================

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak 
memory. This structure is used by the PKCS#7 and CMS routines so any 
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

OpenSSL 1.0.1 users should upgrade to 1.0.1q

OpenSSL 1.0.0 users should upgrade to 1.0.0t

OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley 
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen 
Henson of the OpenSSL development team.

Race condition handling PSK identity hint (CVE-2015-3196) 
=========================================================

Severity: Low

If PSK identity hints are received by a multi-threaded client then the values
are wrongly updated in the parent SSL_CTX structure. This can result in a race
condition potentially leading to a double free of the identity hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d

OpenSSL 1.0.1 users should upgrade to 1.0.1p

OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by 
commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e 
(1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) 
============================================================

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with
the value of p set to 0 then a segmentation fault can occur, leading to a 
possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The
fix was developed by Matt Caswell of the OpenSSL development team.
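The ServerKeyExchange body for a DH ciphersuite carries p, g and Ys as three
length-prefixed opaque values (ServerDHParams in RFC 5246), and a client must
sanity-check them before handing them to its DH arithmetic. The Python below is
an added example, not OpenSSL's code and not part of the advisory: it parses
that structure from raw bytes, then validates the parameters, refusing p = 0
(the CVE-2015-1794 case), an even p, and generator or public value outside
(1, p-1). The minimum size check is a policy parameter of this example, not
something the advisory specifies, and the sample prime 2^127-1 is a constructed
test value, not a real TLS group; build_server_dh_params() exists only to
construct the test messages.

```python
import struct

# Constructed sample values for the tests below; 2^127-1 is prime but far too
# small for real use, hence the explicit min_bits in the calls that use it.
SAMPLE_P = (1 << 127) - 1
SAMPLE_G = 2


def parse_server_dh_params(body):
    """Parse ServerDHParams (RFC 5246 7.4.3): dh_p, dh_g, dh_Ys, each an
    opaque<1..2^16-1> with a 2-byte length prefix, big-endian integer contents.
    Returns (p, g, Ys, remaining_bytes); the remainder is the signature if any."""
    vals = []
    pos = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if pos + 2 > len(body):
            raise ValueError("truncated %s length" % name)
        (ln,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        if ln == 0 or pos + ln > len(body):
            raise ValueError("bad %s length %d" % (name, ln))
        vals.append(int.from_bytes(body[pos:pos + ln], "big"))
        pos += ln
    return vals[0], vals[1], vals[2], body[pos:]


def validate_dh_params(p, g, ys, min_bits=1024):
    """Reject parameters a client must never feed to its DH code. p == 0 is the
    CVE-2015-1794 shape; the remaining checks are the usual sanity checks, and
    min_bits is this example's policy knob rather than anything from the advisory."""
    if p == 0:
        raise ValueError("dh_p is zero")
    if p & 1 == 0:
        raise ValueError("dh_p is even")
    if p.bit_length() < min_bits:
        raise ValueError("dh_p too small: %d bits" % p.bit_length())
    if not 1 < g < p - 1:
        raise ValueError("dh_g out of range")
    if not 1 < ys < p - 1:
        raise ValueError("dh_Ys out of range")
    return True


def client_accepts(body, min_bits=1024):
    """What a careful client does with a received ServerDHParams: parse, then
    validate before any arithmetic. Returns (accepted, reason)."""
    try:
        p, g, ys, _ = parse_server_dh_params(body)
        validate_dh_params(p, g, ys, min_bits)
        return True, "ok"
    except ValueError as e:
        return False, str(e)


def build_server_dh_params(p, g, ys):
    """Encoder used only to construct test messages (the bytes a server would send)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


if __name__ == "__main__":
    good = build_server_dh_params(SAMPLE_P, SAMPLE_G, pow(SAMPLE_G, 12345, SAMPLE_P))
    print(client_accepts(good, min_bits=100))
    print(client_accepts(build_server_dh_params(0, SAMPLE_G, 12345), min_bits=100))
```

Anonymous DH means the parameters are not even signed, so every value in this
message is chosen by whoever is on the other end of the connection; the parse
step must bound each length against the buffer and the validation step must run
before the first modular operation, since a zero modulus is exactly the input
that turns a missing check into a crash.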

Note
====

As per our previous announcements and our Release Strategy 
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL 
versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates
for these versions will be provided after that date. In the absence of 
significant security issues being identified prior to that date, the 1.0.0t 
and 0.9.8zh releases will be the last for those versions. Users of these 
versions are advised to upgrade.
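The four branches in this advisory each have one release that carries all of
the fixes (1.0.2e, 1.0.1q, 1.0.0t, 0.9.8zh). The Python below is an added
example, not part of the advisory: it parses the banner printed by "openssl
version" and reports whether the installed upstream version predates the fixed
release for its branch, handling OpenSSL's letter suffixes (a..z, then za, zb
and so on). The table of fixed versions is taken from this advisory; the sample
banners in the tests are constructed. One caveat applies: distribution packages
(Debian, Ubuntu, Red Hat and others) backport fixes without changing the
upstream version letter, so for a vendor build this check says nothing and the
package changelog has to be searched for the CVE identifiers instead.

```python
import re
import subprocess

# Fixed releases listed in this advisory, keyed by branch
FIXED = {
    "1.0.2": "1.0.2e",
    "1.0.1": "1.0.1q",
    "1.0.0": "1.0.0t",
    "0.9.8": "0.9.8zh",
}

_VER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """'OpenSSL 1.0.2d 9 Jul 2015' -> ((1, 0, 2), 'd')."""
    m = _VER.search(banner)
    if not m:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix)), letters


def version_key(ver):
    """Sort key: numeric parts, then letter suffix ordered '' < a < ... < z < za < zb.
    (length, string) gives exactly that order for OpenSSL's suffix scheme."""
    nums, letters = ver
    return nums + (len(letters), letters)


def advisory_status(banner):
    """Returns (needs_upgrade, recommended). recommended is None for a branch
    this advisory does not list, in which case needs_upgrade is False."""
    nums, letters = parse_version(banner)
    fixed = FIXED.get("%d.%d.%d" % nums)
    if fixed is None:
        return False, None
    needs = version_key((nums, letters)) < version_key(parse_version("OpenSSL " + fixed))
    return needs, fixed


def local_status():
    """Run the local openssl binary and classify its banner (upstream builds only)."""
    banner = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    return banner.strip(), advisory_status(banner)


if __name__ == "__main__":
    print(local_status())
```

The date trailing the version string is ignored on purpose: the letter suffix
is what upstream increments per release, and the suffix comparison is the part
people get wrong by hand (0.9.8zg sorts after 0.9.8z, not before it).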

References
==========

URL for this Security Advisory: 
https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional 
details over time.

For details of OpenSSL severity classifications please see: 
https://www.openssl.org/about/secpolicy.html

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVmUKdH6ZAP0PgtI9AQJ3yg//VKlVRasn603ZGPtxGnu4GYZ0Kk4+Cb1J
f80hjUEJhMJjAT90xbHi9PbJBNCD9TLLe5hLwXe8Lz/k6RA07B8304r2YYzTprhc
RQZZ6p9RlCNf1RISbDr3KvmTXBAQWuK6KaXNQjf5XUDGYDruqvQU70y+P1Vyg2Tk
GXZRwI+SpvMiI9QGjqRVj5wXrD5tpvt5sfdCsqD8LWGDWutifzGK3PDXyrT2r68/
LjlkRP2jtup6BxibToeOKfJKocm5wjBG1wEzRjkvzef6MMtrMx1NYeR5r3IwaIar
cUMzT4ToMBoXo/yv7yd/qgkSHayI4BoVuJSBdD8+UfTsYKDU6BWxE4O+XkW8oTtt
MVTyS0JYNrknZgO2Gdhe3hK9nJeVuylbjcsQtK9tZV7Y13H3GjlJapSQa5cyu4mo
6T8+nbOt33F4g+h0qJQ38A9i/Ga4ZOJDbHK4Iw58+wWSf7kVfnIadFAMrrJWiK38
ekEzaFjvB5KYy6dKo09dzTetnNogL8KHWliBk4PWL9XTJAWbavzbS5t/hbYEOjeA
UYbgqleamO1KsWJorg2xRYbW+jDAMojplT//fIvsDptDK8+Z6Jj2M1zgbg9pLjl9
FdEHYz/3RtCWHvrLxMx9HKVO1J9DK58kwshXEeHeI/wJ2bn92EiRfoidy/QzgsfJ
bAEcydMV+zw=
=hOuC
-----END PGP SIGNATURE-----