Bug 35579 - openssl: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UNSTABLE
Other Linux
P5 normal
UCS 3.2-2-errata
Assigned To: Janek Walkenhorst
Arvid Requate
Reported: 2014-08-07 10:44 CEST by Moritz Mühlenhoff
Modified: 2014-08-07 17:50 CEST (History)
Description Moritz Mühlenhoff 2014-08-07 10:44:22 CEST
Information leak in pretty printing functions (CVE-2014-3508)
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
SRP buffer overrun (CVE-2014-3512)
Comment 1 Janek Walkenhorst univentionstaff 2014-08-07 12:20:41 CEST
(In reply to Moritz Mühlenhoff from comment #0)
> Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
This only applies to 1.0.1
> Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
This only applies to 1.0.0 and 1.0.1
> OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
This only applies to 1.0.1
> SRP buffer overrun (CVE-2014-3512)
This only applies to 1.0.1

<https://www.openssl.org/news/secadv_20140806.txt>
Comment 2 Janek Walkenhorst univentionstaff 2014-08-07 12:56:03 CEST
(In reply to Moritz Mühlenhoff from comment #0)
> Information leak in pretty printing functions (CVE-2014-3508)
> Double Free when processing DTLS packets (CVE-2014-3505)
> DTLS memory exhaustion (CVE-2014-3506)
> DTLS memory leak from zero-length fragments (CVE-2014-3507)
> OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
Fixed with new version.

This version also includes:
 Fix CVE-2012-4929 (CRIME) by disabling zlib compression by default.
 It can be enabled again by setting the environment variable
 OPENSSL_NO_DEFAULT_ZLIB.

Advisory: 2014-08-07-openssl.yaml

Tests (amd64): OK
Comment 3 Arvid Requate univentionstaff 2014-08-07 13:34:19 CEST
Verified:

* 0.9.8o-4squeeze17 has been imported from upstream squeeze repo and replaces 0.9.8o-4squeeze15 (imported for errata 124).
* The upstream version contains patches for the CVEs in the advisory.
* The advisory is up to date and the errata will be published into errata3.2-1 and errata3.2-2.
* Installation was successful.
Comment 4 Janek Walkenhorst univentionstaff 2014-08-07 17:50:13 CEST
http://errata.univention.de/ucs/3.2/177.html