Univention Bugzilla – Bug 40189
openssl: Denial of service (3.2)
Last modified: 2016-03-30 13:30:25 CEST
Upstream Debian package version 0.9.8o-4squeeze22 fixes this issue:
* PKCS#7 and CMS routines: malformed X509_ATTRIBUTE structure OpenSSL will leak memory (CVE-2015-3195)
Upstream Debian package version 0.9.8o-4squeeze23 fixes this issue:
* A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2 (CVE-2015-3197)
* Additionally, when using a DHE cipher suite a new DH key will always be generated for each connection.
The following new issues have been identified (see https://www.openssl.org/news/secadv/20160301.txt):
* Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
* Memory leak in SRP database lookups (CVE-2016-0798)
* BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
* Memory issues in BIO_*printf functions (CVE-2016-0799)
* Side channel attack on modular exponentiation (CVE-2016-0702)
* Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
* Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
Please note that CVE-2016-0703, CVE-2016-0704 and CVE-2016-0800 exploit SSLv2. By default UCS 3.2 univention-apache disables SSLv2 (Bug 36173#c5, UCS 3.2 erratum 225) as well as export-grade ciphers (Bug 38632, UCS 3.2 erratum 345). A univention-mail-postfix configuration disabling SSLv2 is available in errata 4.0-1 (Bug 38044).
Created attachment 7509: CVE-2016-0800.patch
Created attachment 7510: CVE-2016-0798.patch
Created attachment 7511: CVE-2016-0797.patch
Created attachment 7512: CVE-2016-0799.patch
Created attachment 7513: CVE-2016-0702.patch
I imported the latest squeeze-lts version and added patches for CVE-2016-0797, CVE-2016-0799 and CVE-2016-0800. The first two are from the wheezy package and the last one is taken from https://git.openssl.org/?p=openssl.git;a=commitdiff;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286. I compared the patch to what CentOS and RHEL6 did. Backporting CVE-2016-0702 is too hard (non-applicable assembler patches) and CVE-2016-0703 as well as CVE-2016-0704 should be mitigated by the patch for CVE-2016-0800. This also matches the response of CentOS / RHEL. Advisory: openssl.yaml
amd64/i386
* OK - built with patches (CVE-2015-3195, CVE-2015-3197, CVE-2016-0797, CVE-2016-0799, CVE-2016-0800)
* OK - ucs-test-base
* OK - ucs-test-apache (from 4.1)
* OK - openssl s_client -connect 443 636 993
* OK - ldapsearch -ZZZ
* OK - certificate creation
* OK - openssl cert verify (openssl verify -CAfile /etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/master/cert.pem)
* OK - ssl2 disabled (openssl s_client -connect hostname:443 -ssl2)
* OK - imap/smtp with tls (univention-mail-horde, horde login, horde mail)
* OK - libssl-dev
* OK - YAML
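The "ssl2 disabled" check in the test list above can be scripted so that an administrator verifying the DROWN mitigation gets one answer per service port. This is an added example, not code from the bug report or from OpenSSL; it assumes a legacy openssl whose s_client still accepts -ssl2 (the hostname passed on the command line is a placeholder).

```shell
#!/bin/sh
# Added example (not from the Univention bug or OpenSSL): confirm that SSLv2 is
# rejected on the ports the checklist covers (443, 636, 993).
# Assumes an openssl 0.9.8/1.0.x s_client that understands -ssl2; newer builds
# reject the option, which is reported as "untestable" rather than as a pass.

# classify_s_client OUTPUT: decide from captured "s_client -ssl2" text whether
# the server completed an SSLv2 handshake. Prints: accepted | rejected | untestable
classify_s_client() {
    _out=$1
    if printf '%s\n' "$_out" | grep -q 'unknown option'; then
        echo untestable
        return 0
    fi
    # s_client prints the SSL-Session block even after a failed handshake, with
    # the protocol of the method it tried; only a real cipher (not 0000) means
    # the server actually negotiated SSLv2.
    if printf '%s\n' "$_out" | grep -Eq 'Protocol *: *SSLv2' &&
       ! printf '%s\n' "$_out" | grep -Eq 'Cipher *: *0000'; then
        echo accepted
    else
        echo rejected
    fi
}

# check_sslv2 HOST PORT: run the same probe the checklist used and classify it.
check_sslv2() {
    _raw=$(openssl s_client -connect "$1:$2" -ssl2 </dev/null 2>&1)
    classify_s_client "$_raw"
}

# Usage: sh check_sslv2.sh master.example.com   (placeholder hostname)
# Exit status 1 if any port still accepts SSLv2, so it can gate a deployment.
if [ -n "$1" ]; then
    rc=0
    for p in 443 636 993; do
        r=$(check_sslv2 "$1" "$p")
        echo "$1:$p SSLv2 $r"
        [ "$r" = accepted ] && rc=1
    done
    exit $rc
fi
```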
<http://errata.software-univention.de/ucs/3.2/410.html>