Univention Bugzilla – Full Text Bug Listing
| Summary: | openssl: Denial of service (4.0) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
| Component: | Security updates | Assignee: | Moritz Muehlenhoff <jmm> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P3 | CC: | requate, walkenhorst |
| Version: | UCS 4.0 | | |
| Target Milestone: | UCS 4.0-1-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | | | |
Description
Moritz Muehlenhoff
2015-03-06 12:57:46 CET
Handshake with unseeded PRNG (CVE-2015-0285)

Cherry-picked from errata4.0-0 (==ucs4.0-1) to errata4.0-1

CVE-2015-0285 does not apply to 1.0.1e, introduced later via upstream git commit 173e72e64c6a07ae97660c322396b66215009f33 (Mon Mar 11 15:34:28 2013)

Advisory: 2015-03-18-openssl.yaml

OK: aptitude install '?source-package(openssl)?installed' # amd64 i386
OK: dpkg-query -W openssl # 1.0.1e-2.88.201503181219
OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
OK: openssl s_client -host www.univention.de -port 443 <<<'GET /'
OK: r14492 patch
OK: r59166 YAML
OK: errata-announce -V 2015-03-18-openssl.yaml
FIXED: 2015-03-18-openssl.yaml -> r59187

Additional issues:
Denial of service during certificate signature algorithm verification in ASN1_TYPE_cmp function (CVE-2015-0286)
Memory corruption in ASN.1 parsing. Only affects applications with rarely found strongly discouraged ASN.1 parsing flaw (CVE-2015-0287)
Denial of service due to NULL pointer dereference in the PKCS#7 parsing code. Quote: "Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected." (CVE-2015-0289)
Memory corruption due to missing input sanitising in base64 decoding. Could be exploited by maliciously crafted base64 data. Quote: "Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines)." (CVE-2015-0292)

Updated upstream wheezy package imported and built in errata4.0-1. Advisory is updated.

(In reply to Philipp Hahn from comment #3)
OK: apt-cache policy openssl # 1.0.1e-2.92.201503200950
OK: aptitude install '?source-package(openssl)?installed' # amd64 i386
OK: zless /usr/share/doc/openssl/changelog.Debian.gz
OK: CVE-2015-0292 CVE-2015-0289 CVE-2015-0287 CVE-2015-0286 CVE-2015-0209 CVE-2015-0288
OK: diff -urN openssl-1.0.1e openssl-1.0.1e.fixed
OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
OK: openssl s_client -host www.univention.de -port 443 <<<'GET /'
OK: univention-certificate new -name test.qa.intranet
OK: univention-certificate renew -name test.qa.intranet -days 3560
OK: univention-certificate revoke -name test.qa.intranet
OK: errata-announce -V 2015-03-18-openssl.yaml
OK: 2015-03-18-openssl.yaml

There's been a regression update in Debian, we should incorporate that update:
https://lists.debian.org/debian-security-announce/2015/msg00090.html

(In reply to Moritz Muehlenhoff from comment #7)
> There's been a regression update in Debian, we should incorporate that
> update:
> https://lists.debian.org/debian-security-announce/2015/msg00090.html

The version in 3.2 is ok, the faulty patch isn't present there.

The update package has been built. YAML also updated.

OK: r59369
OK: apt-cache policy openssl # 1.0.1e-2.99.201503250939
OK: aptitude install '?source-package(openssl)?installed' # amd64 i386
OK: zless /usr/share/doc/openssl/changelog.Debian.gz # 1.0.1e-2+deb7u16
OK: openssl x509 -noout -text -in /etc/univention/ssl/ucsCA/CAcert.pem
OK: openssl s_client -host www.univention.de -port 443 <<<'GET /'
OK: univention-certificate new -name test.qa.intranet
OK: univention-certificate renew -name test.qa.intranet -days 3560
OK: univention-certificate revoke -name test.qa.intranet
OK: echo ZW5jb2RlIG1lCg================================================================== | openssl enc -d -base64
OK: errata-announce -V 2015-03-18-openssl.yaml
OK: 2015-03-18-openssl.yaml