[web] master update

Matt Caswell matt at openssl.org
Tue Feb 26 14:39:52 UTC 2019


The branch master has been updated
       via  6f4edf054e16bec8cb590de4b77c523334ebfe28 (commit)
      from  604491061a61f0e554cdd38354df341f57ee9fc1 (commit)


- Log -----------------------------------------------------------------
commit 6f4edf054e16bec8cb590de4b77c523334ebfe28
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Feb 26 14:31:17 2019 +0000

    Updates for new releases
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  2 ++
 news/secadv/20190226.txt | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20190226.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 5ded4d4..b458dc4 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,8 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+26-Feb-2019: OpenSSL 1.1.1b is now available, including bug fixes
+26-Feb-2019: OpenSSL 1.0.2r is now available, including bug and security fixes
 11-Feb-2019: <a href="/docs/OpenSSL300Design.html">3.0.0 Design (draft)</a> is now available
 11-Feb-2019: <a href="/docs/OpenSSLStrategicArchitecture.html">Strategic Architecture</a> for OpenSSL 3.0.0 and beyond is now available
 20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes
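
Review bot: The new 1.0.2r line announces "bug and security fixes" but carries no link, so a reader of the newsflash has no path from it to the advisory added in this same commit. Consider wrapping the item in an anchor to /news/secadv/20190226.txt, in the style of the 11-Feb-2019 entries just below and using an absolute path as the header comment requires. The 1.1.1b line saying only "bug fixes" is consistent with the advisory's statement that 1.1.1 is not affected.
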
diff --git a/news/secadv/20190226.txt b/news/secadv/20190226.txt
new file mode 100644
index 0000000..8a4a6dd
--- /dev/null
+++ b/news/secadv/20190226.txt
@@ -0,0 +1,48 @@
+OpenSSL Security Advisory [26 February 2019]
+============================================
+
+0-byte record padding oracle (CVE-2019-1559)
+============================================
+
+Severity: Moderate
+
+If an application encounters a fatal protocol error and then calls
+SSL_shutdown() twice (once to send a close_notify, and once to receive one) then
+OpenSSL can respond differently to the calling application if a 0 byte record is
+received with invalid padding compared to if a 0 byte record is received with an
+invalid MAC. If the application then behaves differently based on that in a way
+that is detectable to the remote peer, then this amounts to a padding oracle
+that could be used to decrypt data.
+
+In order for this to be exploitable "non-stitched" ciphersuites must be in use.
+Stitched ciphersuites are optimised implementations of certain commonly used
+ciphersuites. Also the application must call SSL_shutdown() twice even if a
+protocol error has occurred (applications should not do this but some do
+anyway).
+
+This issue does not impact OpenSSL 1.1.1 or 1.1.0.
+
+OpenSSL 1.0.2 users should upgrade to 1.0.2r.
+
+This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,
+with additional investigation by Steven Collison and Andrew Hourselt. It was
+reported to OpenSSL on 10th December 2018.
+
+Note
+====
+
+OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support
+for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th
+September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20190226.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
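
Review bot: The exploitability paragraph ("In order for this to be exploitable...") defines "non-stitched" only by saying what stitched ciphersuites are, so an operator on 1.0.2 cannot tell from this text whether their deployment meets that precondition. Consider adding a sentence that names the affected ciphersuite class or says how to determine whether a stitched implementation is in use. The other precondition, calling SSL_shutdown() twice after a fatal protocol error, is stated clearly, but it would help to say explicitly that avoiding the second call is the application-side correction for anyone who cannot move to 1.0.2r immediately.
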
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index d9b42bd..1732db5 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,51 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20181112">
+<security updated="20190226">
+  <issue public="20190226">
+    <impact severity="Moderate"/>
+    <cve name="2019-1559"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <affects base="1.0.2" version="1.0.2e"/>
+    <affects base="1.0.2" version="1.0.2f"/>
+    <affects base="1.0.2" version="1.0.2g"/>
+    <affects base="1.0.2" version="1.0.2h"/>
+    <affects base="1.0.2" version="1.0.2i"/>
+    <affects base="1.0.2" version="1.0.2j"/>
+    <affects base="1.0.2" version="1.0.2k"/>
+    <affects base="1.0.2" version="1.0.2l"/>
+    <affects base="1.0.2" version="1.0.2m"/>
+    <affects base="1.0.2" version="1.0.2n"/>
+    <affects base="1.0.2" version="1.0.2o"/>
+    <affects base="1.0.2" version="1.0.2p"/>
+    <affects base="1.0.2" version="1.0.2q"/>
+    <fixed base="1.0.2" version="1.0.2r" date="20190226">
+      <git hash="e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"/>
+    </fixed>
+    <problemtype>Padding Oracle</problemtype>
+    <title>0-byte record padding oracle</title>
+    <description>
+      If an application encounters a fatal protocol error and then calls
+      SSL_shutdown() twice (once to send a close_notify, and once to receive one) then
+      OpenSSL can respond differently to the calling application if a 0 byte record is
+      received with invalid padding compared to if a 0 byte record is received with an
+      invalid MAC. If the application then behaves differently based on that in a way
+      that is detectable to the remote peer, then this amounts to a padding oracle
+      that could be used to decrypt data.
+
+      In order for this to be exploitable "non-stitched" ciphersuites must be in use.
+      Stitched ciphersuites are optimised implementations of certain commonly used
+      ciphersuites. Also the application must call SSL_shutdown() twice even if a
+      protocol error has occurred (applications should not do this but some do
+      anyway).
+    </description>
+    <advisory url="/news/secadv/20190226.txt"/>
+    <reported source="Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"/>
+  </issue>
   <issue public="20181102">
     <impact severity="Low"/>
     <cve name="2018-5407"/>
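
Review bot: The <description> body is a verbatim copy of the first two paragraphs of news/secadv/20190226.txt, and that advisory says its online version "may be updated with additional details over time", so the two copies can drift apart. Consider shortening the description to a summary that defers to the <advisory url=...> element, or noting that both files must be edited together. Also, <reported> records the credit but not the "10th December 2018" report date given in the advisory; if the schema has a place for a report date it would be worth carrying here.
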

