[openssl-commits] [web] master update
Matt Caswell
matt at openssl.org
Thu Nov 2 15:02:31 UTC 2017
The branch master has been updated
via ca5d922f412dadca207e610fd35716ff6bff0279 (commit)
from 87a92cb495c375dd68c94ab9fc8b93728acaa5d1 (commit)
- Log -----------------------------------------------------------------
commit ca5d922f412dadca207e610fd35716ff6bff0279
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 2 14:47:35 2017 +0000
Updates for new release
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
news/newsflash.txt | 2 ++
news/secadv/20171102.txt | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
news/vulnerabilities.xml | 53 ++++++++++++++++++++++++++++++++++++---
3 files changed, 116 insertions(+), 3 deletions(-)
create mode 100644 news/secadv/20171102.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt
index ad793ab..29252cf 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
# Format is two fields, colon-separated; the first line is the column
# headings. URL paths must all be absolute.
Date: Item
+02-Nov-2017: OpenSSL 1.1.0g is now available, including bug and security fixes
+02-Nov-2017: OpenSSL 1.0.2m is now available, including bug and security fixes
27-Oct-2017: <a href="/policies/trademark.html">Trademark policy created</a>
28-Aug-2017: <a href="/news/secadv/20170828.txt">Security Advisory</a>: Buffer overread
25-May-2017: OpenSSL 1.1.0f is now available, including various bug fixes (no security fixes)
diff --git a/news/secadv/20171102.txt b/news/secadv/20171102.txt
new file mode 100644
index 0000000..00323c5
--- /dev/null
+++ b/news/secadv/20171102.txt
@@ -0,0 +1,64 @@
+
+OpenSSL Security Advisory [02 Nov 2017]
+========================================
+
+bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+======================================================
+
+Severity: Moderate
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+as a result of this defect would be very difficult to perform and are not
+believed likely. Attacks against DH are considered just feasible (although very
+difficult) because most of the work necessary to deduce information
+about a private key may be performed offline. The amount of resources
+required for such an attack would be very significant and likely only
+accessible to a limited number of attackers. An attacker would
+additionally need online access to an unpatched system using the target
+private key in a scenario with persistent DH parameters and a private
+key that is shared between multiple clients.
+
+This only affects processors that support the BMI1, BMI2 and ADX extensions like
+Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+Note: This issue is very similar to CVE-2017-3732 and CVE-2015-3193 but must be
+treated as a separate problem.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
+
+This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project.
+The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+====================================================================
+
+Severity: Low
+
+This issue was previously announced in security advisory
+https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously
+been included in a release due to its low severity.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
+
+
+Note
+====
+
+Support for version 1.0.1 ended on 31st December 2016. Support for versions
+0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
+receiving security updates.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20171102.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 940c152..5812fb7 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,53 @@
<!-- The updated attribute should be the same as the first public issue,
unless an old entry was updated. -->
-<security updated="20170828">
+<security updated="20171102">
+ <issue public="20171102">
+ <impact severity="Moderate"/>
+ <cve name="2017-3736"/>
+ <affects base="1.1.0" version="1.1.0"/>
+ <affects base="1.1.0" version="1.1.0a"/>
+ <affects base="1.1.0" version="1.1.0b"/>
+ <affects base="1.1.0" version="1.1.0c"/>
+ <affects base="1.1.0" version="1.1.0d"/>
+ <affects base="1.1.0" version="1.1.0e"/>
+ <affects base="1.1.0" version="1.1.0f"/>
+ <affects base="1.0.2" version="1.0.2"/>
+ <affects base="1.0.2" version="1.0.2a"/>
+ <affects base="1.0.2" version="1.0.2b"/>
+ <affects base="1.0.2" version="1.0.2c"/>
+ <affects base="1.0.2" version="1.0.2d"/>
+ <affects base="1.0.2" version="1.0.2e"/>
+ <affects base="1.0.2" version="1.0.2f"/>
+ <affects base="1.0.2" version="1.0.2g"/>
+ <affects base="1.0.2" version="1.0.2h"/>
+ <affects base="1.0.2" version="1.0.2i"/>
+ <affects base="1.0.2" version="1.0.2j"/>
+ <affects base="1.0.2" version="1.0.2k"/>
+ <affects base="1.0.2" version="1.0.2l"/>
+ <fixed base="1.0.2" version="1.0.2m" date="20171102"/>
+ <fixed base="1.1.0" version="1.1.0g" date="20171102"/>
+ <problemtype>carry-propagating bug</problemtype>
+ <title>bn_sqrx8x_internal carry bug on x86_64</title>
+ <description>
+ There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+ EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+ as a result of this defect would be very difficult to perform and are not
+ believed likely. Attacks against DH are considered just feasible (although very
+ difficult) because most of the work necessary to deduce information
+ about a private key may be performed offline. The amount of resources
+ required for such an attack would be very significant and likely only
+ accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients.
+
+ This only affects processors that support the BMI1, BMI2 and ADX extensions like
+ Intel Broadwell (5th generation) and later or AMD Ryzen.
+ </description>
+ <advisory url="/news/secadv/20171102.txt"/>
+ <reported source="Google OSS-Fuzz"/>
+ </issue>
<issue public="20170828">
<impact severity="Low"/>
<cve name="2017-3735"/>
@@ -18,6 +64,7 @@
<affects base="1.1.0" version="1.1.0d"/>
<affects base="1.1.0" version="1.1.0e"/>
<affects base="1.1.0" version="1.1.0f"/>
+ <affects base="1.0.2" version="1.0.2"/>
<affects base="1.0.2" version="1.0.2a"/>
<affects base="1.0.2" version="1.0.2b"/>
<affects base="1.0.2" version="1.0.2c"/>
@@ -30,8 +77,8 @@
<affects base="1.0.2" version="1.0.2j"/>
<affects base="1.0.2" version="1.0.2k"/>
<affects base="1.0.2" version="1.0.2l"/>
- <fixed base="1.0.2" version="1.0.2m-dev" date="20170828"/>
- <fixed base="1.1.0" version="1.1.0g-dev" date="20170828"/>
+ <fixed base="1.0.2" version="1.0.2m" date="20171102"/>
+ <fixed base="1.1.0" version="1.1.0g" date="20171102"/>
<problemtype>out-of-bounds read</problemtype>
<title>Possible Overread in parsing X.509 IPAdressFamily</title>
<description>
More information about the openssl-commits
mailing list