Bug 38691

Summary:	openssl: Multiple issues (4.0)
Product:	UCS	Reporter:	Arvid Requate <requate>
Component:	Security updates	Assignee:	Stefan Gohmann <gohmann>
Status:	CLOSED FIXED	QA Contact:	Janek Walkenhorst <walkenhorst>
Severity:	normal
Priority:	P5	CC:	gohmann
Version:	UCS 4.0	Flags:	requate: Patch_Available+
Target Milestone:	UCS 4.0-3-errata
Hardware:	Other
OS:	Linux
What kind of report is it?:	---	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):	Security
Max CVSS v3 score:

Description Arvid Requate

2015-06-11 21:24:33 CEST

New issues have been discovered in openssl:

* Invalid free in DTLS (CVE-2014-8176)
* Malformed ECParameters causes infinite loop (CVE-2015-1788)
* Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
* PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
* race condition in NewSessionTicket (CVE-2015-1791)
* CMS verify infinite loop with unknown hash function (CVE-2015-1792)

* The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. (CVE-2015-4000)

Comment 1 Arvid Requate

2015-06-22 19:03:03 CEST

Upstream Debian package version 1.0.1e-2+deb7u17 fixes all issues noted above.

Comment 2 Stefan Gohmann

2015-08-29 00:28:18 CEST

The packages has been build.

YAML: 2015-08-29-openssl.yaml

Comment 3 Janek Walkenhorst

2015-09-01 15:48:41 CEST

Tests (amd64): OK
Advisory: OK

Comment 4 Janek Walkenhorst

2015-09-02 14:08:11 CEST

<http://errata.univention.de/ucs/4.0/302.html>