From rsalz at mta.openssl.org Thu Sep 15 15:52:32 2016 From: rsalz at mta.openssl.org (Rich Salz) Date: Thu, 15 Sep 2016 11:52:32 -0400 Subject: [openssl-announce] FTP access being taken down Message-ID: <20160915155232.D2437203D7@mta.openssl.org> In a couple of weeks we will be taking down FTP access to the tarballs and snapshots. We will evaluate RYNC later. The definitive description of where to find source distributions is here: https://www.openssl.org/source (or click the "Downloads" item at the top of every page). Please update any FTP-using scripts that you have. From openssl at openssl.org Mon Sep 19 12:57:49 2016 From: openssl at openssl.org (OpenSSL) Date: Mon, 19 Sep 2016 13:57:49 +0100 (BST) Subject: [openssl-announce] Forthcoming OpenSSL releases Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Forthcoming OpenSSL releases ============================ The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0a, 1.0.2i, 1.0.1u. These releases will be made available on 22nd September 2016 at approximately 0800 UTC. They will fix several security defects: one classfied as severity "high", one as "moderate", and the rest "low". Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html Please also note that, as per our previous announcements, support for 1.0.1 will end on 31st December 2016. Yours The OpenSSL Project Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJX3+BCAAoJEAEKUEB8TIy9nfIH/1E4FiVRQggShTN1CZgLv0rl YDh2t71b96K9UOf7wmK073Kzu+oKB7jNvwtEmLqc7SNK7CD/Zl3ExebF9ncvgN3E 45+LJ5MtLw6wyPofzEwpB/v/t1h2123UHQ90ijKZKJE8RR/Z7Md0BsLpZiFMTIDt hfQznqSVSvS6jRS7G8w3c33wMWd4d/iUk5yulylMyicgt/KOWAwp5aAUVgPTIIOQ kmDgU5Ypd9MVxJ6qXV5EL8EZEfneau9Ggp0bbQYfitpYSg1R86SjUBz0Octeobmw tXOeTglXtY0TFllChc/1Gkr9kqqSX4HpWTB9Nj+Ngy888l0AZI7R7zHScIj8tL4= =wHYV -----END PGP SIGNATURE----- From openssl at openssl.org Thu Sep 22 10:56:19 2016 From: openssl at openssl.org (OpenSSL) Date: Thu, 22 Sep 2016 10:56:19 +0000 Subject: [openssl-announce] OpenSSL version 1.0.1u published Message-ID: <20160922105619.GA14190@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.1u released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1u of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.0.1-notes.html OpenSSL 1.0.1u is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.1u.tar.gz Size: 4567068 SHA1 checksum: 93e542696598517862115fbe76a93ab66369661d SHA256 checksum: 4312b4ca1215b6f2c97007503d80db80d5157f76f8f7d3febbe6b4c56ff26739 The checksums were calculated using the following commands: openssl sha1 openssl-1.0.1u.tar.gz openssl sha256 openssl-1.0.1u.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX47LHAAoJENnE0m0OYESRBtwH/3+HUEkaq0AjniBI23BI3e42 AiU2dCKv4DvHo4x1lNHw79GCywY06saybIcdsIri8exR7JJqi2IJ5n7inL5GA0ss 3ts98r7mDmu3qd0Qo559avsb5ChVN4PIgAXbI76uoohmbpFYowHO7pVX75kXu6Eh STzjVxjlzkM7ka2CmE/D19x1sRWvlpwaWoBQ/DwUOC+1qpyMbTzqM/RODBucwT3T pqjivwSM6mgMYoWuAUMq/r4pvFCvS08GBOSf8XLNqLVNEgmO5b3FkuxxXnoR1m2R IjDqtn3d0aRTSruKsUXfVSwWgk+la3m8Hr8sCNACRZu03GSa0NwLXrc8vYH2iMM= =Ozj3 -----END PGP SIGNATURE----- From openssl at openssl.org Thu Sep 22 10:56:45 2016 From: openssl at openssl.org (OpenSSL) Date: Thu, 22 Sep 2016 10:56:45 +0000 Subject: [openssl-announce] OpenSSL version 1.0.2i published Message-ID: <20160922105645.GA14378@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.2i released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2i of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.0.2-notes.html OpenSSL 1.0.2i is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.2i.tar.gz Size: 5308232 SHA1 checksum: 25a92574ebad029dcf2fa26c02e10400a0882111 SHA256 checksum: 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f The checksums were calculated using the following commands: openssl sha1 openssl-1.0.2i.tar.gz openssl sha256 openssl-1.0.2i.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX47F5AAoJENnE0m0OYESRetYH/18tGdVDBTKEEhDxYQZ+UYCk CQpQK9Bjamv8/zD8uhj+jN92gSccTR3cPZGA88lMu5SbM48G+eU5znA8xopeHtcQ nLhiQ4XTq/Y31nGXpyAwXQElRAiEXix5QP7CA3kSAJDLF18TTzbzJWXv4wFfUPKS /5smGDQyv+40P82uo0KcS0ZRGJTH933LQCK8qqrtduxxtQRdBMU+BYuLPJZrMyFt iN05WawKk1527tqN4pmqzEVBghzd1lGe/D5VKnm77UH8zYXYPWeVXNoUoKGldMFv QCnuZ1thYCLnaolLvfzM9L4bRtIT0cOsermmes6myjRJBXUQhipjcRm4z8UGQlY= =6DTt -----END PGP SIGNATURE----- From openssl at openssl.org Thu Sep 22 10:57:15 2016 From: openssl at openssl.org (OpenSSL) Date: Thu, 22 Sep 2016 10:57:15 +0000 Subject: [openssl-announce] OpenSSL version 1.1.0a published Message-ID: <20160922105715.GA14577@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.1.0a released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.0a of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.0-notes.html OpenSSL 1.1.0a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.0a.tar.gz Size: 5161414 SHA1 checksum: 335d7168b612efd3cf16f621b09d4cd5af4232a6 SHA256 checksum: c2e696e34296cde2c9ec5dcdad9e4f042cd703932591d395c389de488302442b The checksums were calculated using the following commands: openssl sha1 openssl-1.1.0a.tar.gz openssl sha256 openssl-1.1.0a.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX468gAAoJENnE0m0OYESRMCUIAK+hb9xpoYbWNbGBm1rwp75G 9O0uBRCNtHEgyNcnrSW9bV0HT4v/EG64IFR9KmcTYn8Jc9GIh9176I/kb233V/sI 1MJ7sUmPXODKLp1Pjz8p8dcUrS1I+rO9QfLkgZD8LEEv3yaAzku4XVNPvyJ3v2Dg MYdz5qMvzEJBYtY2BlXbsTAlWj2h5kRvQpOTxS3jsNBEyU9o7HtQClFfHffcf80j tjiBw/oKmawQQSyz9ZcamUEd7YS3BAzCbdRXJd7halXfcJcEwu6ZcI7pNm+g6lHI WI0bxgX8K8olXzboWeF4AybfRgH5Y1hiMwpCrCjFWqWHbNA6A8lhJOb7NsOpOH4= =OiyL -----END PGP SIGNATURE----- From openssl at openssl.org Thu Sep 22 10:58:09 2016 From: openssl at openssl.org (OpenSSL) Date: Thu, 22 Sep 2016 10:58:09 +0000 Subject: [openssl-announce] OpenSSL Security Advisory Message-ID: <20160922105809.GA15135@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL Security Advisory [22 Sep 2016] ======================================== OCSP Status Request extension unbounded memory growth (CVE-2016-6304) ===================================================================== Severity: High A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support. OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. SSL_peek() hang on empty record (CVE-2016-6305) =============================================== Severity: Moderate OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack. OpenSSL 1.1.0 users should upgrade to 1.1.0a This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team. SWEET32 Mitigation (CVE-2016-2183) ================================== Severity: Low SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team. OOB write in MDC2_Update() (CVE-2016-6303) ========================================== Severity: Low An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Malformed SHA512 ticket DoS (CVE-2016-6302) =========================================== Severity: Low If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB write in BN_bn2dec() (CVE-2016-2182) ======================================== Severity: Low The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB read in TS_OBJ_print_bio() (CVE-2016-2180) ============================================== Severity: Low The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Pointer arithmetic undefined behaviour (CVE-2016-2177) ====================================================== Severity: Low Avoid some undefined pointer arithmetic A common idiom in the codebase is to check limits in the following manner: "p + len > limit" Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. Constant time flag not preserved in DSA signing (CVE-2016-2178) =============================================================== Severity: Low Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 23rd May 2016 by C??sar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by C??sar Pereida. DTLS buffered message DoS (CVE-2016-2179) ========================================= Severity: Low In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team. DTLS replay protection DoS (CVE-2016-2181) ========================================== Severity: Low A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team. Certificate message OOB reads (CVE-2016-6306) ============================================= Severity: Low In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication. OpenSSL 1.1.0 is not affected. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) ========================================================================== Severity: Low A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect DTLS users. OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) ============================================================================= Severity: Low This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS. A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect TLS users. OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX465bAAoJENnE0m0OYESRfvoIAIWUhH3TgJvgh+0N4Z3FODmK CjytKRsk13F6tGPocXab5kesm602tQvjF4re9bcSHfzgDKqdrsBcGvX0ouyLzIeK Smsa/CLP2X6BH8oGa2UIbnyA4dRssnO0HPXDUC69SvplYZbhXFD3sBDK6mVudq3G N+WZ7Rba5FpcybR4ha6h13man/ArVY2p24qr0pxrlOivsTDPKHdDsY2JfezoNCKM H12Zsds5bmDxepNaRj8DNvjGJqsXENc8LLMQ1R/djp/R7yNi6OO3IDxA74JXBDsN OR+sPxlyaO7TZcktSk6YOZ5tVACxtbQmo9Tac61Pbx1QwgffK1scq/WNGsjQ1XY= =JPtf -----END PGP SIGNATURE----- From openssl at openssl.org Mon Sep 26 10:32:20 2016 From: openssl at openssl.org (OpenSSL) Date: Mon, 26 Sep 2016 10:32:20 +0000 Subject: [openssl-announce] OpenSSL version 1.0.2j published Message-ID: <20160926103220.GA15647@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.0.2j released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2j of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.0.2-notes.html OpenSSL 1.0.2j is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.0.2j.tar.gz Size: 5307912 SHA1 checksum: bdfbdb416942f666865fa48fe13c2d0e588df54f SHA256 checksum: e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 The checksums were calculated using the following commands: openssl sha1 openssl-1.0.2j.tar.gz openssl sha256 openssl-1.0.2j.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX6O9BAAoJENnE0m0OYESRsT8H/R7NWjLkFqUOwOTjyiqOKDWa YUAUNtSM+NWgHBS8GZwNlYyvCv7oIPIuJ1cG4mwTnWc2qpUFbbOkc6bhn/VhPWi5 bW6xOlof5Xbn86G5KM5HPe9t5Gay4RiU9+ePVa8Vkn4c3UcPNYVrYdDXEjv3UvJq 3VSOJDlAndaqMyBTtX5uK82pfd63kZWi9p2a+NCEojGcBSD/cyUYQpMUdomGU5K+ ZaRh2bHLNUjGUDLDqlgTDMv8p+OYUtQ6bgGpwBYw5zQeTZy7c43yTqUjvmuEaxaj XEeJqkv59Jty5uKqYmasVHgFY+EGsE0vw3troBrNFq2ZbVCqBx41C/kOZ3828HQ= =fLO/ -----END PGP SIGNATURE----- From openssl at openssl.org Mon Sep 26 10:32:40 2016 From: openssl at openssl.org (OpenSSL) Date: Mon, 26 Sep 2016 10:32:40 +0000 Subject: [openssl-announce] OpenSSL version 1.1.0b published Message-ID: <20160926103240.GA15835@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL version 1.1.0b released =============================== OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.0b of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.0-notes.html OpenSSL 1.1.0b is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.0b.tar.gz Size: 5162355 SHA1 checksum: cbf391d0d68a9f144c24c5c3c5028c07fa00264c SHA256 checksum: a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 The checksums were calculated using the following commands: openssl sha1 openssl-1.1.0b.tar.gz openssl sha256 openssl-1.1.0b.tar.gz Yours, The OpenSSL Project Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX6O5iAAoJENnE0m0OYESRdEUIAKzNLCT+L0z6R6mUoHYMFT/4 jctbb93RX1nu3wx9ssRdlBikpVBa6vfsS2U4MWwyYSkRTbBHVlHuezq1/2FduXPF nsLT/tjPNmXqQPPTsceKx/p7nDAnSdapz6e36HJ/8erUR7nngHKUdalV0OqoQLeX Lz6ncYVH42qFPATMM4xJzcunmY3g+CXTORHAGBZLOM0HfSgAka/iQVC8aUlYWOMO E0pMalw9yRHzsFcR++9I/vpr9TcBj/falISsaGrgAxVNMkINYRITU8wWSO3+0y+N EkSi079/CNQx2LwoVW2qTPWdbbqMgYrUG3jsBlZUeVwvLfcXsVy2FHUep+FIb4k= =SQB4 -----END PGP SIGNATURE----- From openssl at openssl.org Mon Sep 26 10:35:38 2016 From: openssl at openssl.org (OpenSSL) Date: Mon, 26 Sep 2016 10:35:38 +0000 Subject: [openssl-announce] OpenSSL Security Advisory Message-ID: <20160926103538.GA17557@openssl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL Security Advisory [26 Sep 2016] ======================================== This security update addresses issues that were caused by patches included in our previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws we have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide our usual public pre-notification. Fix Use After Free for large message sizes (CVE-2016-6309) ========================================================== Severity: Critical This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code. OpenSSL 1.1.0 users should upgrade to 1.1.0b This issue was reported to OpenSSL on 23rd September 2016 by Robert ??wi??cki (Google Security Team), and was found using honggfuzz. The fix was developed by Matt Caswell of the OpenSSL development team. Missing CRL sanity check (CVE-2016-7052) ======================================== Severity: Moderate This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. OpenSSL 1.0.2i users should upgrade to 1.0.2j The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi. The fix was developed by Matt Caswell of the OpenSSL development team. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20160926.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJX6PBJAAoJENnE0m0OYESRGacIALa7/Vg0SQzqjhD/KphCdKos BjkDcEO00y3JDyYqqQxfcrM9jSwBbrNzmHdEzBcPlvvDq9qhGwsODKbGylI2St5r zVHw1qA60/+Hu9PjaGT24a8MX+fPjA4RObB/BGZ7ViucZzCxqqtJob73InKwM8+9 OyjTmrphbyFa/Hk/OUWVzjatzQjEN+a5QplRTR2Sd4fBZDWowrtOdPGmbBQfRRgm AbEO5ZPaVKBoRuMk6JsR3LFymZ2FpHjLs9HNBtSmLLdzfIXxVE+uOb9b5wdAMP/3 4cTMkhfeS3RF0GuMT3EyH/EuZS6KkjuE8y/aVTq5s3yhK3ah5kT85IO1ps0yDx0= =WJwY -----END PGP SIGNATURE-----