[openssl-commits] [web] master update

Matt Caswell matt at openssl.org
Thu Nov 2 15:02:31 UTC 2017


The branch master has been updated
       via  ca5d922f412dadca207e610fd35716ff6bff0279 (commit)
      from  87a92cb495c375dd68c94ab9fc8b93728acaa5d1 (commit)


- Log -----------------------------------------------------------------
commit ca5d922f412dadca207e610fd35716ff6bff0279
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Nov 2 14:47:35 2017 +0000

    Updates for new release
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  2 ++
 news/secadv/20171102.txt | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 53 ++++++++++++++++++++++++++++++++++++---
 3 files changed, 116 insertions(+), 3 deletions(-)
 create mode 100644 news/secadv/20171102.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index ad793ab..29252cf 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+02-Nov-2017: OpenSSL 1.1.0g is now available, including bug and security fixes
+02-Nov-2017: OpenSSL 1.0.2m is now available, including bug and security fixes
 27-Oct-2017: <a href="/policies/trademark.html">Trademark policy created</a>
 28-Aug-2017: <a href="/news/secadv/20170828.txt">Security Advisory</a>: Buffer overread
 25-May-2017: OpenSSL 1.1.0f is now available, including various bug fixes (no security fixes)
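Review bot: the two added 02-Nov-2017 items carry no link, although both announce security fixes and this commit creates news/secadv/20171102.txt. The 28-Aug-2017 entry in the context below them links its advisory via <a href="/news/secadv/20170828.txt">Security Advisory</a>. Consider adding a 02-Nov-2017 Security Advisory item in that same style, or linking /news/secadv/20171102.txt from these two lines, so that a reader of the newsflash can reach the advisory directly.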
diff --git a/news/secadv/20171102.txt b/news/secadv/20171102.txt
new file mode 100644
index 0000000..00323c5
--- /dev/null
+++ b/news/secadv/20171102.txt
@@ -0,0 +1,64 @@
+
+OpenSSL Security Advisory [02 Nov 2017]
+========================================
+
+bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+======================================================
+
+Severity: Moderate
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+as a result of this defect would be very difficult to perform and are not
+believed likely. Attacks against DH are considered just feasible (although very
+difficult) because most of the work necessary to deduce information
+about a private key may be performed offline. The amount of resources
+required for such an attack would be very significant and likely only
+accessible to a limited number of attackers. An attacker would
+additionally need online access to an unpatched system using the target
+private key in a scenario with persistent DH parameters and a private
+key that is shared between multiple clients.
+
+This only affects processors that support the BMI1, BMI2 and ADX extensions like
+Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+Note: This issue is very similar to CVE-2017-3732 and CVE-2015-3193 but must be
+treated as a separate problem.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
+
+This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project.
+The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+====================================================================
+
+Severity: Low
+
+This issue was previously announced in security advisory
+https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously
+been included in a release due to its low severity.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0g
+OpenSSL 1.0.2 users should upgrade to 1.0.2m
+
+
+Note
+====
+
+Support for version 1.0.1 ended on 31st December 2016. Support for versions
+0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
+receiving security updates.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20171102.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
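Review bot: the CVE-2017-3735 section says nothing about the defect beyond its heading and defers entirely to the 20170828 advisory. Since this is the advisory that accompanies the releases carrying the fix, a one or two sentence summary of the out-of-bounds read would let the section stand on its own. Separately, the CVE-2017-3736 credit reads "the OSS-Fuzz project" while vulnerabilities.xml in this same commit uses source="Google OSS-Fuzz"; use one form in both places.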
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 940c152..5812fb7 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,53 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20170828">
+<security updated="20171102">
+  <issue public="20171102">
+    <impact severity="Moderate"/>
+    <cve name="2017-3736"/>
+    <affects base="1.1.0" version="1.1.0"/>
+    <affects base="1.1.0" version="1.1.0a"/>
+    <affects base="1.1.0" version="1.1.0b"/>
+    <affects base="1.1.0" version="1.1.0c"/>
+    <affects base="1.1.0" version="1.1.0d"/>
+    <affects base="1.1.0" version="1.1.0e"/>
+    <affects base="1.1.0" version="1.1.0f"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <affects base="1.0.2" version="1.0.2e"/>
+    <affects base="1.0.2" version="1.0.2f"/>
+    <affects base="1.0.2" version="1.0.2g"/>
+    <affects base="1.0.2" version="1.0.2h"/>
+    <affects base="1.0.2" version="1.0.2i"/>
+    <affects base="1.0.2" version="1.0.2j"/>
+    <affects base="1.0.2" version="1.0.2k"/>
+    <affects base="1.0.2" version="1.0.2l"/>
+    <fixed base="1.0.2" version="1.0.2m" date="20171102"/>
+    <fixed base="1.1.0" version="1.1.0g" date="20171102"/>
+    <problemtype>carry-propagating bug</problemtype>
+    <title>bn_sqrx8x_internal carry bug on x86_64</title>
+    <description>
+      There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+      EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+      as a result of this defect would be very difficult to perform and are not
+      believed likely. Attacks against DH are considered just feasible (although very
+      difficult) because most of the work necessary to deduce information
+      about a private key may be performed offline. The amount of resources
+      required for such an attack would be very significant and likely only
+      accessible to a limited number of attackers. An attacker would
+      additionally need online access to an unpatched system using the target
+      private key in a scenario with persistent DH parameters and a private
+      key that is shared between multiple clients.
+
+      This only affects processors that support the BMI1, BMI2 and ADX extensions like
+      Intel Broadwell (5th generation) and later or AMD Ryzen.
+    </description>
+    <advisory url="/news/secadv/20171102.txt"/>
+    <reported source="Google OSS-Fuzz"/>
+  </issue>
   <issue public="20170828">
     <impact severity="Low"/>
     <cve name="2017-3735"/>
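Review bot: the <description> of the new CVE-2017-3736 issue copies the advisory's first two paragraphs but drops its note that the issue is very similar to CVE-2017-3732 and CVE-2015-3193 and must be treated as a separate problem. Readers of the vulnerabilities page who already patched those earlier carry bugs are the ones who most need that sentence, so consider carrying it over. The report date the advisory gives (10th August 2017) is also not recorded next to <reported source="Google OSS-Fuzz"/>; add it if the schema has a place for it.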
@@ -18,6 +64,7 @@
     <affects base="1.1.0" version="1.1.0d"/>
     <affects base="1.1.0" version="1.1.0e"/>
     <affects base="1.1.0" version="1.1.0f"/>
+    <affects base="1.0.2" version="1.0.2"/>
     <affects base="1.0.2" version="1.0.2a"/>
     <affects base="1.0.2" version="1.0.2b"/>
     <affects base="1.0.2" version="1.0.2c"/>
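Review bot: the added <affects base="1.0.2" version="1.0.2"/> line widens the affected set of an issue that has been public since 20170828, yet neither the commit message ("Updates for new release") nor the new advisory text mentions the correction. Anyone who checked a 1.0.2 base install against the earlier listing would have concluded it was unaffected, so say in the commit message that the CVE-2017-3735 entry was corrected.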
@@ -30,8 +77,8 @@
     <affects base="1.0.2" version="1.0.2j"/>
     <affects base="1.0.2" version="1.0.2k"/>
     <affects base="1.0.2" version="1.0.2l"/>
-    <fixed base="1.0.2" version="1.0.2m-dev" date="20170828"/>
-    <fixed base="1.1.0" version="1.1.0g-dev" date="20170828"/>
+    <fixed base="1.0.2" version="1.0.2m" date="20171102"/>
+    <fixed base="1.1.0" version="1.1.0g" date="20171102"/>
     <problemtype>out-of-bounds read</problemtype>
     <title>Possible Overread in parsing X.509 IPAdressFamily</title>
     <description>
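Review bot: the two <fixed> lines replace date="20170828" with date="20171102", which discards the date the fix originally landed (as 1.0.2m-dev and 1.1.0g-dev) in favour of the release date. If the date attribute is meant to record when a fix became available in a release that is fine, but confirm that this is the intended meaning, since the earlier values used it for the development fix. While this entry is being touched, the <title> in the context lines spells "IPAdressFamily", whereas the advisory added in this commit spells it "IPAddressFamily".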

