OpenSSL: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0896
                  OpenSSL Security Advisory [27 Mar 2018]
                               28 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         OpenSSL
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-0739 CVE-2018-0733 CVE-2017-3738

Reference:         ASB-2018.0013
                   ESB-2018.0852
                   ESB-2018.0480
                   ESB-2018.0426
                   ESB-2018.0174
                   ESB-2017.3217
                   ESB-2017.3209

Original Bulletin: 
   https://www.openssl.org/news/secadv/20180327.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

OpenSSL Security Advisory [27 Mar 2018]
========================================

Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
==========================================================================================

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.

OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o

This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
The fix was developed by Matt Caswell of the OpenSSL development team.

Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
========================================================

Severity: Moderate

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0h

This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
The fix was developed by Andy Polyakov of the OpenSSL development team.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================

Severity: Low

This issue has been reported in a previous OpenSSL security advisory and a fix
was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at
that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h.

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
and CVE-2015-3193.

OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project. The fix was
developed by Andy Polyakov of the OpenSSL development team.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20180327.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWrsh4Ix+lLeg9Ub1AQhZ3BAArJbK82Iy1gkH37t4xH276velpl9aVTvH
wFU54jmOD2WWFNki58U1y5zysq6HCAPYX6SN7SkTIX2lysiqrvbWbl50yce1WDo6
El/NVDwMsZAfIrBHHHV42Sv6u7n0WFc3OESIkiznYPIzAZUVAItknzJJoRAL2b/R
qA834Ta8AvpIAFbdj/vO8hs6qaV1JlKm+ykPrDAeQUlxKpOXD4RhEPmhuS8YzXpb
jNUk9IVwRwCyma7SrxjKBYa8dkwmrsdZXLcfx/66NvFUveTbV1n2B2vKW0IcUPC/
f3DsTTQM4RwNmj6eyRwz6YxRiFUat/hNTn2HbtYR8VSmR+81sSlkkHHK2QXwO4OJ
uMLtdAGu3zWN6sMMJ9+3bUNz8jXxmYOciQ2Z2PSAMZsRmxoxnERl8a77513l0eIL
+wTLDUtPjQd0N0zBStyQkZtSEsKE9iKZk1orD2t5539a5WE5tP0aoi0u1Hhmc9fe
ZCtX4lT1sBAAAnavYnk/gW7H18DIJyDQk0K8maBBr1JQFC8ci7paCn2T5mr+RrFH
4GSVTgc8XoiDA0TBhNF2xHwjwoqFkzuoIA2RfYVTClVw2uZI4i6N1j0XuIgl5W/6
ULNN6t6d4LDsQdDLK5Oui0Ic7CBkcxH1gE09ubYQVDxkzLkovZDs+RAlzfIDaNLu
YHDpeFYqfYE=
=G7a1
-----END PGP SIGNATURE-----