[web] master update
Matt Caswell
matt at openssl.org
Tue Feb 26 14:39:52 UTC 2019
The branch master has been updated
via 6f4edf054e16bec8cb590de4b77c523334ebfe28 (commit)
from 604491061a61f0e554cdd38354df341f57ee9fc1 (commit)
- Log -----------------------------------------------------------------
commit 6f4edf054e16bec8cb590de4b77c523334ebfe28
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 26 14:31:17 2019 +0000
Updates for new releases
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
news/newsflash.txt | 2 ++
news/secadv/20190226.txt | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
news/vulnerabilities.xml | 46 +++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 95 insertions(+), 1 deletion(-)
create mode 100644 news/secadv/20190226.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 5ded4d4..b458dc4 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
# Format is two fields, colon-separated; the first line is the column
# headings. URL paths must all be absolute.
Date: Item
+26-Feb-2019: OpenSSL 1.1.1b is now available, including bug fixes
+26-Feb-2019: OpenSSL 1.0.2r is now available, including bug and security fixes
11-Feb-2019: <a href="/docs/OpenSSL300Design.html">3.0.0 Design (draft)</a> is now available
11-Feb-2019: <a href="/docs/OpenSSLStrategicArchitecture.html">Strategic Architecture</a> for OpenSSL 3.0.0 and beyond is now available
20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes
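Review bot: the added 1.0.2r line announces "bug and security fixes" but carries no link, unlike the two 11-Feb-2019 entries that follow it, so a newsflash reader has no path to the advisory this same commit adds. Consider linking the item to /news/secadv/20190226.txt, which is an absolute path as the file's format comment requires.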
diff --git a/news/secadv/20190226.txt b/news/secadv/20190226.txt
new file mode 100644
index 0000000..8a4a6dd
--- /dev/null
+++ b/news/secadv/20190226.txt
@@ -0,0 +1,48 @@
+OpenSSL Security Advisory [26 February 2019]
+============================================
+
+0-byte record padding oracle (CVE-2019-1559)
+============================================
+
+Severity: Moderate
+
+If an application encounters a fatal protocol error and then calls
+SSL_shutdown() twice (once to send a close_notify, and once to receive one) then
+OpenSSL can respond differently to the calling application if a 0 byte record is
+received with invalid padding compared to if a 0 byte record is received with an
+invalid MAC. If the application then behaves differently based on that in a way
+that is detectable to the remote peer, then this amounts to a padding oracle
+that could be used to decrypt data.
+
+In order for this to be exploitable "non-stitched" ciphersuites must be in use.
+Stitched ciphersuites are optimised implementations of certain commonly used
+ciphersuites. Also the application must call SSL_shutdown() twice even if a
+protocol error has occurred (applications should not do this but some do
+anyway).
+
+This issue does not impact OpenSSL 1.1.1 or 1.1.0.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2r.
+
+This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,
+with additional investigation by Steven Collison and Andrew Hourselt. It was
+reported to OpenSSL on 10th December 2018.
+
+Note
+====
+
+OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support
+for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th
+September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20190226.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
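Review bot: in the paragraph beginning "In order for this to be exploitable", "non-stitched" ciphersuites are made a precondition, but the text never says which ciphersuites are stitched or how an operator can tell which kind a deployment negotiates, so exposure cannot be assessed from the advisory alone. Suggest naming the affected class of suites or pointing to where that is documented. The same paragraph says applications "should not" call SSL_shutdown() twice after a protocol error; stating that as explicit guidance for application authors next to the "upgrade to 1.0.2r" line would give readers both remediation paths in one place.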
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index d9b42bd..1732db5 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,51 @@
<!-- The updated attribute should be the same as the first public issue,
unless an old entry was updated. -->
-<security updated="20181112">
+<security updated="20190226">
+ <issue public="20190226">
+ <impact severity="Moderate"/>
+ <cve name="2019-1559"/>
+ <affects base="1.0.2" version="1.0.2"/>
+ <affects base="1.0.2" version="1.0.2a"/>
+ <affects base="1.0.2" version="1.0.2b"/>
+ <affects base="1.0.2" version="1.0.2c"/>
+ <affects base="1.0.2" version="1.0.2d"/>
+ <affects base="1.0.2" version="1.0.2e"/>
+ <affects base="1.0.2" version="1.0.2f"/>
+ <affects base="1.0.2" version="1.0.2g"/>
+ <affects base="1.0.2" version="1.0.2h"/>
+ <affects base="1.0.2" version="1.0.2i"/>
+ <affects base="1.0.2" version="1.0.2j"/>
+ <affects base="1.0.2" version="1.0.2k"/>
+ <affects base="1.0.2" version="1.0.2l"/>
+ <affects base="1.0.2" version="1.0.2m"/>
+ <affects base="1.0.2" version="1.0.2n"/>
+ <affects base="1.0.2" version="1.0.2o"/>
+ <affects base="1.0.2" version="1.0.2p"/>
+ <affects base="1.0.2" version="1.0.2q"/>
+ <fixed base="1.0.2" version="1.0.2r" date="20190226">
+ <git hash="e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"/>
+ </fixed>
+ <problemtype>Padding Oracle</problemtype>
+ <title>0-byte record padding oracle</title>
+ <description>
+ If an application encounters a fatal protocol error and then calls
+ SSL_shutdown() twice (once to send a close_notify, and once to receive one) then
+ OpenSSL can respond differently to the calling application if a 0 byte record is
+ received with invalid padding compared to if a 0 byte record is received with an
+ invalid MAC. If the application then behaves differently based on that in a way
+ that is detectable to the remote peer, then this amounts to a padding oracle
+ that could be used to decrypt data.
+
+ In order for this to be exploitable "non-stitched" ciphersuites must be in use.
+ Stitched ciphersuites are optimised implementations of certain commonly used
+ ciphersuites. Also the application must call SSL_shutdown() twice even if a
+ protocol error has occurred (applications should not do this but some do
+ anyway).
+ </description>
+ <advisory url="/news/secadv/20190226.txt"/>
+ <reported source="Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"/>
+ </issue>
<issue public="20181102">
<impact severity="Low"/>
<cve name="2018-5407"/>
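Review bot: the <reported> element of the new issue records the reporters but drops the report date (10th December 2018) that the advisory text added in this same commit gives. If the schema has a place for a date on <reported>, carry it here so the two sources agree. The <description> likewise leaves out the advisory's statement that 1.1.1 and 1.1.0 are not impacted; the <affects> list implies it, but a one-line mention would spare readers from inferring it from the absence of entries.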