[web] master update

Matt Caswell matt at openssl.org
Fri Dec 6 16:40:15 UTC 2019 

The branch master has been updated
       via  420fb543c12b2a4a18aae85315f8eaefefcd1c33 (commit)
       via  af80178dcbad3919595cbbf7b7c1837c6ef68d67 (commit)
      from  4139e6e2815280bdd6fe1618a793918c1c7156f2 (commit)


- Log -----------------------------------------------------------------
commit 420fb543c12b2a4a18aae85315f8eaefefcd1c33
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Dec 6 14:33:26 2019 +0000

    Update newsflash for security advisory
    
    Reviewed-by: Mark J. Cox <mark at awe.com>
    (Merged from https://github.com/openssl/web/pull/144)

commit af80178dcbad3919595cbbf7b7c1837c6ef68d67
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Dec 6 14:26:44 2019 +0000

    Add security advisory for CVE-2019-1551
    
    Reviewed-by: Mark J. Cox <mark at awe.com>
    (Merged from https://github.com/openssl/web/pull/144)

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  1 +
 news/secadv/20191206.txt | 49 +++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 52 +++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20191206.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 896266b..0b6d94f 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+06-Dec-2019: <a href="/news/secadv/20191206.txt">Security Advisory</a>: one low severity fix
 07-Nov-2019: New Blog post: <a href="https://www.openssl.org/blog/blog/2019/11/07/3.0-update/">Update on 3.0 Development, FIPS and 1.0.2 EOL</a>
 10-Sep-2019: <a href="/news/secadv/20190910.txt">Security Advisory</a>: three low severity fixes
 10-Sep-2019: OpenSSL 1.1.1d is now available, including bug and security fixes
diff --git a/news/secadv/20191206.txt b/news/secadv/20191206.txt
new file mode 100644
index 0000000..3141f78
--- /dev/null
+++ b/news/secadv/20191206.txt
@@ -0,0 +1,49 @@
+OpenSSL Security Advisory [6 December 2019]
+===========================================
+
+rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)
+===================================================
+
+Severity: Low
+
+There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+result of this defect would be very difficult to perform and are not believed
+likely. Attacks against DH512 are considered just feasible. However, for an
+attack the target would have to re-use the DH512 private key, which is not
+recommended anyway. Also applications directly using the low level API
+BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+
+OpenSSL versions 1.1.1 and 1.0.2 are affected by this issue. However due to the
+low severity of this issue we are not creating new releases at this time. The
+1.1.1 mitigation for this issue can be found in commit 419102400. The 1.0.2
+mitigation for this issue can be found in commit f1c5eea8a.
+
+This issue was found by OSS-Fuzz and Guido Vranken and reported to OpenSSL on
+12th September 2019. The fix was developed by Andy Polyakov with additional
+analysis by Bernd Edlinger.
+
+Note
+=====
+
+OpenSSL 1.0.2 is currently only receiving security updates. Support for 1.0.2
+will end on 31st December 2019. Extended support is available for premium
+support customers: https://www.openssl.org/support/contracts.html
+
+OpenSSL 1.1.0 is out of support and no longer receiving updates. It is unknown
+whether issues in this advisory affect it.
+
+Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20191206.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index c3532a5..7409a4d 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,57 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20190910">
+<security updated="20191206">
+  <issue public="20191206">
+    <impact severity="Low"/>
+    <cve name="2019-1551"/>
+    <affects base="1.1.1" version="1.1.1"/>
+    <affects base="1.1.1" version="1.1.1a"/>
+    <affects base="1.1.1" version="1.1.1b"/>
+    <affects base="1.1.1" version="1.1.1c"/>
+    <affects base="1.1.1" version="1.1.1d"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <affects base="1.0.2" version="1.0.2e"/>
+    <affects base="1.0.2" version="1.0.2f"/>
+    <affects base="1.0.2" version="1.0.2g"/>
+    <affects base="1.0.2" version="1.0.2h"/>
+    <affects base="1.0.2" version="1.0.2i"/>
+    <affects base="1.0.2" version="1.0.2j"/>
+    <affects base="1.0.2" version="1.0.2k"/>
+    <affects base="1.0.2" version="1.0.2l"/>
+    <affects base="1.0.2" version="1.0.2m"/>
+    <affects base="1.0.2" version="1.0.2n"/>
+    <affects base="1.0.2" version="1.0.2o"/>
+    <affects base="1.0.2" version="1.0.2p"/>
+    <affects base="1.0.2" version="1.0.2q"/>
+    <affects base="1.0.2" version="1.0.2r"/>
+    <affects base="1.0.2" version="1.0.2s"/>
+    <affects base="1.0.2" version="1.0.2t"/>
+    <fixed base="1.1.1" version="1.1.1e-dev" date="20191206">
+      <git hash="419102400a2811582a7a3d4a4e317d72e5ce0a8f"/>
+    </fixed>
+    <fixed base="1.0.2" version="1.0.2u-dev" date="20191206">
+      <git hash="f1c5eea8a817075d31e43f5876993c6710238c98"/>
+    </fixed>
+    <problemtype>Integer overflow bug</problemtype>
+    <title>rsaz_512_sqr overflow bug on x86_64</title>
+    <description>
+      There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+      exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+      suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+      result of this defect would be very difficult to perform and are not believed
+      likely. Attacks against DH512 are considered just feasible. However, for an
+      attack the target would have to re-use the DH512 private key, which is not
+      recommended anyway. Also applications directly using the low level API
+      BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+    </description>
+    <advisory url="/news/secadv/20191206.txt"/>
+    <reported source="OSS-Fuzz and Guido Vranken"/>
+  </issue>
   <issue public="20190910">
     <impact severity="Low"/>
     <cve name="2019-1547"/>

More information about the openssl-commits mailing list