[openssl-commits] [web] master update

Matt Caswell matt at openssl.org
Thu Dec 3 15:35:54 UTC 2015


The branch master has been updated
       via  fda590f8c6af8c40f522e3f62a67b6b5f39f5dde (commit)
      from  76e25ea3709538ce2b534e6bde4f897942146e93 (commit)


- Log -----------------------------------------------------------------
commit fda590f8c6af8c40f522e3f62a67b6b5f39f5dde
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 3 15:29:34 2015 +0000

    Add release and vulnerabilities information to website for release

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |   5 ++
 news/secadv/20151203.txt | 123 +++++++++++++++++++++++++++
 news/vulnerabilities.xml | 214 ++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 341 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20151203.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 44b973c..cf51a94 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,11 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+03-Dec-2015: <a href="/news/secadv/20151203.txt">Security Advisory</a>: four security fixes
+03-Dec-2015: OpenSSL 1.0.2e is now available, including bug and security fixes
+03-Dec-2015: OpenSSL 1.0.1q is now available, including bug and security fixes
+03-Dec-2015: OpenSSL 1.0.0t is now available, including bug and security fixes
+03-Dec-2015: OpenSSL 0.9.8zh is now available, including bug and security fixes
 09-Jul-2015: <a href="/news/secadv/20150709.txt">Security Advisory</a>: one security fix
 09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes
 09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes
diff --git a/news/secadv/20151203.txt b/news/secadv/20151203.txt
new file mode 100644
index 0000000..44051a2
--- /dev/null
+++ b/news/secadv/20151203.txt
@@ -0,0 +1,123 @@
+OpenSSL Security Advisory [3 Dec 2015]
+=======================================
+
+NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
+0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
+PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
+
+BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+==================================================================
+
+Severity: Moderate
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+as a result of this defect would be very difficult to perform and are not
+believed likely. Attacks against DH are considered just feasible (although very
+difficult) because most of the work necessary to deduce information
+about a private key may be performed offline. The amount of resources
+required for such an attack would be very significant and likely only
+accessible to a limited number of attackers. An attacker would
+additionally need online access to an unpatched system using the target
+private key in a scenario with persistent DH parameters and a private
+key that is shared between multiple clients. For example this can occur by
+default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+This issue affects OpenSSL version 1.0.2.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2e
+
+This issue was reported to OpenSSL on August 13 2015 by Hanno
+Böck. The fix was developed by Andy Polyakov of the OpenSSL
+development team.
+
+Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+===================================================================
+
+Severity: Moderate
+
+The signature verification routines will crash with a NULL pointer dereference
+if presented with an ASN.1 signature using the RSA PSS algorithm and absent
+mask generation function parameter. Since these routines are used to verify
+certificate signature algorithms this can be used to crash any certificate
+verification operation and exploited in a DoS attack. Any application which
+performs certificate verification is vulnerable including OpenSSL clients and
+servers which enable client authentication.
+
+This issue affects OpenSSL versions 1.0.2 and 1.0.1.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2e
+OpenSSL 1.0.1 users should upgrade to 1.0.1q
+
+This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
+(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
+development team.
+
+X509_ATTRIBUTE memory leak (CVE-2015-3195)
+==========================================
+
+Severity: Moderate
+
+When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+memory. This structure is used by the PKCS#7 and CMS routines so any
+application which reads PKCS#7 or CMS data from untrusted sources is affected.
+SSL/TLS is not affected.
+
+This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2e
+OpenSSL 1.0.1 users should upgrade to 1.0.1q
+OpenSSL 1.0.0 users should upgrade to 1.0.0t
+OpenSSL 0.9.8 users should upgrade to 0.9.8zh
+
+This issue was reported to OpenSSL on November 9 2015 by Adam Langley
+(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
+Henson of the OpenSSL development team.
+
+Race condition handling PSK identify hint (CVE-2015-3196)
+=========================================================
+
+Severity: Low
+
+If PSK identity hints are received by a multi-threaded client then
+the values are wrongly updated in the parent SSL_CTX structure. This can
+result in a race condition potentially leading to a double free of the
+identify hint data.
+
+This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
+listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
+and has not been previously fixed in an OpenSSL 1.0.0 release.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2d
+OpenSSL 1.0.1 users should upgrade to 1.0.1p
+OpenSSL 1.0.0 users should upgrade to 1.0.0t
+
+The fix for this issue can be identified in the OpenSSL git repository by commit
+ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).
+
+The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
+
+Note
+====
+
+As per our previous announcements and our Release Strategy
+(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
+1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
+versions will be provided after that date. In the absence of significant
+security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
+releases will be the last for those versions. Users of these versions are
+advised to upgrade.
+
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20151203.txt
+
+Note: the online version of the advisory may be updated with additional
+details over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/about/secpolicy.html
+
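Review bot: the CVE-2015-3196 section misspells "identity" as "identify" in both its heading ("Race condition handling PSK identify hint") and the last sentence of its description ("double free of the identify hint data"), while the first sentence of the same paragraph correctly says "PSK identity hints". Suggest correcting both to "identity". That section is also the only one without a "This issue affects OpenSSL versions ..." line, so the affected branches have to be inferred from the "was fixed in" sentence. Its upgrade targets (1.0.2d, 1.0.1p) are older than the 1.0.2e and 1.0.1q that the other three sections require, so a sentence saying that users should take the latest release of their branch would stop a reader from treating 1.0.2d or 1.0.1p as sufficient for the whole advisory.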
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 8dbb358..b2629d7 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,219 @@
      1.0.0 on 20100329
 -->
 
-<security updated="20150709">
+<security updated="20151203">
+  <issue public="20151203">
+    <cve name="2015-3193"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <fixed base="1.0.2" version="1.0.2e" date="20151203"/>
+
+    <description>
+      There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+      EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+      as a result of this defect would be very difficult to perform and are not
+      believed likely. Attacks against DH are considered just feasible (although very
+      difficult) because most of the work necessary to deduce information
+      about a private key may be performed offline. The amount of resources
+      required for such an attack would be very significant and likely only
+      accessible to a limited number of attackers. An attacker would
+      additionally need online access to an unpatched system using the target
+      private key in a scenario with persistent DH parameters and a private
+      key that is shared between multiple clients. For example this can occur by
+      default in OpenSSL DHE based SSL/TLS ciphersuites.
+    </description>
+    <advisory url="/news/secadv/20151203.txt"/>
+    <reported source="Hanno Böck"/>
+  </issue>
+  <issue public="20151203">
+    <cve name="2015-3194"/>
+    <affects base="1.0.1" version="1.0.1"/>
+    <affects base="1.0.1" version="1.0.1a"/>
+    <affects base="1.0.1" version="1.0.1b"/>
+    <affects base="1.0.1" version="1.0.1c"/>
+    <affects base="1.0.1" version="1.0.1d"/>
+    <affects base="1.0.1" version="1.0.1e"/>
+    <affects base="1.0.1" version="1.0.1f"/>
+    <affects base="1.0.1" version="1.0.1g"/>
+    <affects base="1.0.1" version="1.0.1h"/>
+    <affects base="1.0.1" version="1.0.1i"/>
+    <affects base="1.0.1" version="1.0.1j"/>
+    <affects base="1.0.1" version="1.0.1k"/>
+    <affects base="1.0.1" version="1.0.1l"/>
+    <affects base="1.0.1" version="1.0.1m"/>
+    <affects base="1.0.1" version="1.0.1n"/>
+    <affects base="1.0.1" version="1.0.1o"/>
+    <affects base="1.0.1" version="1.0.1p"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <fixed base="1.0.2" version="1.0.2e" date="20151203"/>
+    <fixed base="1.0.1" version="1.0.1q" date="20151203"/>
+
+    <description>
+      The signature verification routines will crash with a NULL pointer dereference
+      if presented with an ASN.1 signature using the RSA PSS algorithm and absent
+      mask generation function parameter. Since these routines are used to verify
+      certificate signature algorithms this can be used to crash any certificate
+      verification operation and exploited in a DoS attack. Any application which
+      performs certificate verification is vulnerable including OpenSSL clients and
+      servers which enable client authentication.
+    </description>
+    <advisory url="/news/secadv/20151203.txt"/>
+    <reported source="Loïc Jonas Etienne (Qnective AG)"/>
+  </issue>
+  <issue public="20151203">
+    <cve name="2015-3195"/>
+    <affects base="0.9.8" version="0.9.8"/>
+    <affects base="0.9.8" version="0.9.8a"/>
+    <affects base="0.9.8" version="0.9.8b"/>
+    <affects base="0.9.8" version="0.9.8c"/>
+    <affects base="0.9.8" version="0.9.8d"/>
+    <affects base="0.9.8" version="0.9.8e"/>
+    <affects base="0.9.8" version="0.9.8f"/>
+    <affects base="0.9.8" version="0.9.8g"/>
+    <affects base="0.9.8" version="0.9.8h"/>
+    <affects base="0.9.8" version="0.9.8i"/>
+    <affects base="0.9.8" version="0.9.8j"/>
+    <affects base="0.9.8" version="0.9.8k"/>
+    <affects base="0.9.8" version="0.9.8l"/>
+    <affects base="0.9.8" version="0.9.8m"/>
+    <affects base="0.9.8" version="0.9.8n"/>
+    <affects base="0.9.8" version="0.9.8o"/>
+    <affects base="0.9.8" version="0.9.8p"/>
+    <affects base="0.9.8" version="0.9.8q"/>
+    <affects base="0.9.8" version="0.9.8r"/>
+    <affects base="0.9.8" version="0.9.8s"/>
+    <affects base="0.9.8" version="0.9.8t"/>
+    <affects base="0.9.8" version="0.9.8u"/>
+    <affects base="0.9.8" version="0.9.8v"/>
+    <affects base="0.9.8" version="0.9.8w"/>
+    <affects base="0.9.8" version="0.9.8x"/>
+    <affects base="0.9.8" version="0.9.8y"/>
+    <affects base="0.9.8" version="0.9.8za"/>
+    <affects base="0.9.8" version="0.9.8zb"/>
+    <affects base="0.9.8" version="0.9.8zc"/>
+    <affects base="0.9.8" version="0.9.8zd"/>
+    <affects base="0.9.8" version="0.9.8ze"/>
+    <affects base="0.9.8" version="0.9.8zf"/>
+    <affects base="0.9.8" version="0.9.8zg"/>
+    <affects base="1.0.0" version="1.0.0"/>
+    <affects base="1.0.0" version="1.0.0a"/>
+    <affects base="1.0.0" version="1.0.0b"/>
+    <affects base="1.0.0" version="1.0.0c"/>
+    <affects base="1.0.0" version="1.0.0d"/>
+    <affects base="1.0.0" version="1.0.0e"/>
+    <affects base="1.0.0" version="1.0.0f"/>
+    <affects base="1.0.0" version="1.0.0g"/>
+    <affects base="1.0.0" version="1.0.0h"/>
+    <affects base="1.0.0" version="1.0.0i"/>
+    <affects base="1.0.0" version="1.0.0j"/>
+    <affects base="1.0.0" version="1.0.0k"/>
+    <affects base="1.0.0" version="1.0.0l"/>
+    <affects base="1.0.0" version="1.0.0m"/>
+    <affects base="1.0.0" version="1.0.0n"/>
+    <affects base="1.0.0" version="1.0.0o"/>
+    <affects base="1.0.0" version="1.0.0p"/>
+    <affects base="1.0.0" version="1.0.0q"/>
+    <affects base="1.0.0" version="1.0.0r"/>
+    <affects base="1.0.0" version="1.0.0s"/>
+    <affects base="1.0.1" version="1.0.1"/>
+    <affects base="1.0.1" version="1.0.1a"/>
+    <affects base="1.0.1" version="1.0.1b"/>
+    <affects base="1.0.1" version="1.0.1c"/>
+    <affects base="1.0.1" version="1.0.1d"/>
+    <affects base="1.0.1" version="1.0.1e"/>
+    <affects base="1.0.1" version="1.0.1f"/>
+    <affects base="1.0.1" version="1.0.1g"/>
+    <affects base="1.0.1" version="1.0.1h"/>
+    <affects base="1.0.1" version="1.0.1i"/>
+    <affects base="1.0.1" version="1.0.1j"/>
+    <affects base="1.0.1" version="1.0.1k"/>
+    <affects base="1.0.1" version="1.0.1l"/>
+    <affects base="1.0.1" version="1.0.1m"/>
+    <affects base="1.0.1" version="1.0.1n"/>
+    <affects base="1.0.1" version="1.0.1o"/>
+    <affects base="1.0.1" version="1.0.1p"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <fixed base="1.0.2" version="1.0.2e" date="20151203"/>
+    <fixed base="1.0.1" version="1.0.1q" date="20151203"/>
+    <fixed base="1.0.0" version="1.0.0t" date="20151203"/>
+    <fixed base="0.9.8" version="0.9.8zh" date="20151203"/>
+
+    <description>
+      When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+      memory. This structure is used by the PKCS#7 and CMS routines so any
+      application which reads PKCS#7 or CMS data from untrusted sources is affected.
+      SSL/TLS is not affected.
+    </description>
+    <advisory url="/news/secadv/20151203.txt"/>
+    <reported source="Adam Langley (Google/BoringSSL) using libFuzzer"/>
+  </issue>
+  <issue public="20151203">
+    <cve name="2015-3196"/>
+    <affects base="1.0.0" version="1.0.0"/>
+    <affects base="1.0.0" version="1.0.0a"/>
+    <affects base="1.0.0" version="1.0.0b"/>
+    <affects base="1.0.0" version="1.0.0c"/>
+    <affects base="1.0.0" version="1.0.0d"/>
+    <affects base="1.0.0" version="1.0.0e"/>
+    <affects base="1.0.0" version="1.0.0f"/>
+    <affects base="1.0.0" version="1.0.0g"/>
+    <affects base="1.0.0" version="1.0.0h"/>
+    <affects base="1.0.0" version="1.0.0i"/>
+    <affects base="1.0.0" version="1.0.0j"/>
+    <affects base="1.0.0" version="1.0.0k"/>
+    <affects base="1.0.0" version="1.0.0l"/>
+    <affects base="1.0.0" version="1.0.0m"/>
+    <affects base="1.0.0" version="1.0.0n"/>
+    <affects base="1.0.0" version="1.0.0o"/>
+    <affects base="1.0.0" version="1.0.0p"/>
+    <affects base="1.0.0" version="1.0.0q"/>
+    <affects base="1.0.0" version="1.0.0r"/>
+    <affects base="1.0.0" version="1.0.0s"/>
+    <affects base="1.0.1" version="1.0.1"/>
+    <affects base="1.0.1" version="1.0.1a"/>
+    <affects base="1.0.1" version="1.0.1b"/>
+    <affects base="1.0.1" version="1.0.1c"/>
+    <affects base="1.0.1" version="1.0.1d"/>
+    <affects base="1.0.1" version="1.0.1e"/>
+    <affects base="1.0.1" version="1.0.1f"/>
+    <affects base="1.0.1" version="1.0.1g"/>
+    <affects base="1.0.1" version="1.0.1h"/>
+    <affects base="1.0.1" version="1.0.1i"/>
+    <affects base="1.0.1" version="1.0.1j"/>
+    <affects base="1.0.1" version="1.0.1k"/>
+    <affects base="1.0.1" version="1.0.1l"/>
+    <affects base="1.0.1" version="1.0.1m"/>
+    <affects base="1.0.1" version="1.0.1n"/>
+    <affects base="1.0.1" version="1.0.1o"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <fixed base="1.0.2" version="1.0.2d" date="20150709"/>
+    <fixed base="1.0.1" version="1.0.1p" date="20150709"/>
+    <fixed base="1.0.0" version="1.0.0t" date="20151203"/>
+
+    <description>
+      If PSK identity hints are received by a multi-threaded client then
+      the values are wrongly updated in the parent SSL_CTX structure. This can
+      result in a race condition potentially leading to a double free of the
+      identify hint data.
+    </description>
+    <advisory url="/news/secadv/20151203.txt"/>
+    <reported source="Stephen Henson (OpenSSL)"/>
+  </issue>
+
   <issue public="20150709">
     <cve name="2015-1793"/>
     <affects base="1.0.1" version="1.0.1n"/>
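Review bot: the CVE-2015-3196 entry carries `<reported source="Stephen Henson (OpenSSL)"/>`, but the advisory text added in the same commit names no reporter for this issue and credits Dr. Stephen Henson only with developing the fix. Suggest either adding a matching "reported by" statement to the advisory or confirming that the attribution in the XML is intended. The `<description>` for the same entry also copies the advisory's "identify hint data" typo and should read "identity hint data". The `<affects>` lists for 2015-3196 stop at 1.0.2c, 1.0.1o and 1.0.0s, which is consistent with the `<fixed>` versions 1.0.2d, 1.0.1p and 1.0.0t, so no change is needed there.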

