[openssl-commits] [web] master update
Matt Caswell
matt at openssl.org
Tue Mar 27 14:06:51 UTC 2018
The branch master has been updated
via b142b6fc2b1787bac79b0823c7a1cc37c301c68c (commit)
via 8af698d4de2c19b45f702d03560c8045fc1bbec5 (commit)
from ba28d8470fba25cac99a94b7b9fa27bddbd1622a (commit)
- Log -----------------------------------------------------------------
commit b142b6fc2b1787bac79b0823c7a1cc37c301c68c
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 27 14:25:09 2018 +0100
Publish security advisory
commit 8af698d4de2c19b45f702d03560c8045fc1bbec5
Author: Matt Caswell <matt at openssl.org>
Date: Tue Mar 27 14:10:47 2018 +0100
Update news for new release
-----------------------------------------------------------------------
Summary of changes:
news/newsflash.txt | 2 ++
news/secadv/20180327.txt | 82 ++++++++++++++++++++++++++++++++++++++++++++++++
news/vulnerabilities.xml | 73 ++++++++++++++++++++++++++++++++++++++++--
3 files changed, 155 insertions(+), 2 deletions(-)
create mode 100644 news/secadv/20180327.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 572c8db..f7fd9a1 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
# Format is two fields, colon-separated; the first line is the column
# headings. URL paths must all be absolute.
Date: Item
+27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes
+27-Mar-2018: OpenSSL 1.0.2o is now available, including bug and security fixes
20-Mar-2018: OpenSSL 1.1.0h, 1.0.2o <a href="https://mta.openssl.org/pipermail/openssl-announce/2018-March/000116.html">security release due on 27th March 2018</a>
20-Mar-2018: Beta 1 of OpenSSL 1.1.1 is now available: please download and test it
01-Mar-2018: New Blog post: <a href="https://www.openssl.org/blog/blog/2018/03/01/last-license/">Seeking Last Group of Contributors</a>
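Review bot: The two added 27-Mar-2018 entries carry no link, while the 20-Mar-2018 pre-announcement and the blog entry around them use an `<a href=...>`. Since the same push creates news/secadv/20180327.txt, consider linking the words "security fixes" to /news/secadv/20180327.txt (the header comment requires absolute URL paths) so readers can get from the newsflash to the advisory.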
diff --git a/news/secadv/20180327.txt b/news/secadv/20180327.txt
new file mode 100644
index 0000000..bddf0a6
--- /dev/null
+++ b/news/secadv/20180327.txt
@@ -0,0 +1,82 @@
+
+OpenSSL Security Advisory [27 Mar 2018]
+========================================
+
+Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
+==========================================================================================
+
+Severity: Moderate
+
+Constructed ASN.1 types with a recursive definition (such as can be found in
+PKCS7) could eventually exceed the stack given malicious input with
+excessive recursion. This could result in a Denial Of Service attack. There are
+no such structures used within SSL/TLS that come from untrusted sources so this
+is considered safe.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 users should upgrade to 1.0.2o
+
+This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
+The fix was developed by Matt Caswell of the OpenSSL development team.
+
+Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+========================================================
+
+Severity: Moderate
+
+Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+effectively reduced to only comparing the least significant bit of each byte.
+This allows an attacker to forge messages that would be considered as
+authenticated in an amount of tries lower than that guaranteed by the security
+claims of the scheme. The module can only be compiled by the HP-UX assembler, so
+that only HP-UX PA-RISC targets are affected.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+
+This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
+The fix was developed by Andy Polyakov of the OpenSSL development team.
+
+rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+=========================================================
+
+Severity: Low
+
+This issue has been reported in a previous OpenSSL security advisory and a fix
+was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at
+that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h.
+
+There is an overflow bug in the AVX2 Montgomery multiplication procedure
+used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+Analysis suggests that attacks against RSA and DSA as a result of this defect
+would be very difficult to perform and are not believed likely. Attacks
+against DH1024 are considered just feasible, because most of the work
+necessary to deduce information about a private key may be performed offline.
+The amount of resources required for such an attack would be significant.
+However, for an attack on TLS to be meaningful, the server would have to share
+the DH1024 private key among multiple clients, which is no longer an option
+since CVE-2016-0701.
+
+This only affects processors that support the AVX2 but not ADX extensions
+like Intel Haswell (4th generation).
+
+Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
+and CVE-2015-3193.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0h
+OpenSSL 1.0.2 users should upgrade to 1.0.2n
+
+This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
+(Google). The issue was originally found via the OSS-Fuzz project. The fix was
+developed by Andy Polyakov of the OpenSSL development team.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20180327.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
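Review bot: The CVE-2018-0733 section gives upgrade guidance for 1.1.0 only and never says where 1.0.2 stands, whereas the other two sections name both branches. The vulnerabilities.xml entry in this push lists only 1.1.0 releases as affected, so an explicit "OpenSSL 1.0.2 is not affected" line would remove the ambiguity. Separately, in the CVE-2018-0739 paragraph "so this is considered safe" can be read as covering the whole issue even though it is rated Moderate; wording such as "so SSL/TLS use is considered safe" keeps the scope clear. In the CVE-2018-0733 paragraph, "an amount of tries" would read better as "a number of tries".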
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 026afc0..b565e18 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,76 @@
<!-- The updated attribute should be the same as the first public issue,
unless an old entry was updated. -->
-<security updated="20171102">
+<security updated="20180327">
+ <issue public="20180327">
+ <impact severity="Moderate"/>
+ <cve name="2018-0739"/>
+ <affects base="1.1.0" version="1.1.0"/>
+ <affects base="1.1.0" version="1.1.0a"/>
+ <affects base="1.1.0" version="1.1.0b"/>
+ <affects base="1.1.0" version="1.1.0c"/>
+ <affects base="1.1.0" version="1.1.0d"/>
+ <affects base="1.1.0" version="1.1.0e"/>
+ <affects base="1.1.0" version="1.1.0f"/>
+ <affects base="1.1.0" version="1.1.0g"/>
+ <affects base="1.0.2" version="1.0.2b"/>
+ <affects base="1.0.2" version="1.0.2c"/>
+ <affects base="1.0.2" version="1.0.2d"/>
+ <affects base="1.0.2" version="1.0.2e"/>
+ <affects base="1.0.2" version="1.0.2f"/>
+ <affects base="1.0.2" version="1.0.2g"/>
+ <affects base="1.0.2" version="1.0.2h"/>
+ <affects base="1.0.2" version="1.0.2i"/>
+ <affects base="1.0.2" version="1.0.2j"/>
+ <affects base="1.0.2" version="1.0.2k"/>
+ <affects base="1.0.2" version="1.0.2l"/>
+ <affects base="1.0.2" version="1.0.2m"/>
+ <affects base="1.0.2" version="1.0.2n"/>
+ <fixed base="1.1.0" version="1.1.0h" date="20180327">
+ <git hash="2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"/>
+ </fixed>
+ <fixed base="1.0.2" version="1.0.2o" date="20180327">
+ <git hash="9310d45087ae546e27e61ddf8f6367f29848220d"/>
+ </fixed>
+ <problemtype>Stack overflow</problemtype>
+ <title>Constructed ASN.1 types with a recursive definition could exceed the stack</title>
+ <description>
+ Constructed ASN.1 types with a recursive definition (such as can be found
+ in PKCS7) could eventually exceed the stack given malicious input with
+ excessive recursion. This could result in a Denial Of Service attack.
+ There are no such structures used within SSL/TLS that come from untrusted
+ sources so this is considered safe.
+ </description>
+ <advisory url="/news/secadv/20180327.txt"/>
+ <reported source="OSS-fuzz"/>
+ </issue>
+ <issue public="20180327">
+ <impact severity="Moderate"/>
+ <cve name="2018-0733"/>
+ <affects base="1.1.0" version="1.1.0"/>
+ <affects base="1.1.0" version="1.1.0a"/>
+ <affects base="1.1.0" version="1.1.0b"/>
+ <affects base="1.1.0" version="1.1.0c"/>
+ <affects base="1.1.0" version="1.1.0d"/>
+ <affects base="1.1.0" version="1.1.0e"/>
+ <affects base="1.1.0" version="1.1.0f"/>
+ <affects base="1.1.0" version="1.1.0g"/>
+ <fixed base="1.1.0" version="1.1.0h" date="20180327">
+ <git hash="56d5a4bfcaf37fa420aef2bb881aa55e61cf5f2f"/>
+ </fixed>
+ <problemtype>Message forgery</problemtype>
+ <title>Incorrect CRYPTO_memcmp on HP-UX PA-RISC</title>
+ <description>
+ Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+ effectively reduced to only comparing the least significant bit of each
+ byte. This allows an attacker to forge messages that would be considered
+ as authenticated in an amount of tries lower than that guaranteed by the
+ security claims of the scheme. The module can only be compiled by the
+ HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
+ </description>
+ <advisory url="/news/secadv/20180327.txt"/>
+ <reported source="Peter Waltenberg (IBM)"/>
+ </issue>
<issue public="20171207">
<impact severity="Moderate"/>
<cve name="2017-3737"/>
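Review bot: In the CVE-2018-0739 issue the 1.0.2 `affects` list starts at `version="1.0.2b"`, with no entries for 1.0.2 or 1.0.2a, while the 1.1.0 list starts at the base release and the advisory text tells all "OpenSSL 1.0.2 users" to upgrade. If the first two 1.0.2 releases are intentionally excluded, a short XML comment saying so would save readers from treating it as an omission; otherwise add the two missing `affects` lines.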
@@ -76,7 +145,7 @@
<fixed base="1.0.2" version="1.0.2n" date="20171207">
<git hash="ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76"/>
</fixed>
- <fixed base="1.1.0" version="1.1.0h-dev" date="20171207">
+ <fixed base="1.1.0" version="1.1.0h" date="20180327">
<git hash="e502cc86df9dafded1694fceb3228ee34d11c11a"/>
</fixed>
<problemtype>carry-propagating bug</problemtype>
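Review bot: Changing the 1.1.0 `fixed` entry from `1.1.0h-dev` to `1.1.0h` should be paired with a check of this issue's `affects` list, which lies outside the hunk context: the advisory says no 1.1.0 fix was released until 1.1.0h, so the list needs to cover the 1.1.0 releases up to and including 1.1.0g. Also note that `date` moves from 20171207 to 20180327 while the `git hash` stays the same; if `date` is meant to be the release date rather than the commit date, a brief comment near the top of the file would make that convention explicit.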