[web] master update

Mark J. Cox mark at openssl.org
Wed Sep 9 12:31:31 UTC 2020


The branch master has been updated
       via  4a2dac4738e42fc30f7f38d9292a9391f715757e (commit)
      from  9b73985f37ba01f63b9aeb5c25560d2f6409dba4 (commit)


- Log -----------------------------------------------------------------
commit 4a2dac4738e42fc30f7f38d9292a9391f715757e
Author: Mark J. Cox <mark at awe.com>
Date:   Wed Sep 9 12:59:40 2020 +0100

    Add Raccoon advisory, vulnerability db entry, and newsflash pointing to the advisory

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  1 +
 news/secadv/20200909.txt | 76 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 47 +++++++++++++++++++++++++++++-
 3 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20200909.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index edc8cc8..c1820fa 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+09-Sep-2020: <a href="/news/secadv/20200909.txt">Security Advisory</a>: Raccoon attack</a>
 05-Sep-2020: New Blog post: <a href="/blog/blog/2020/09/05/OpenSSL.ProjectAdminRole/">OpenSSL Is Looking for a Full Time Administrator and Manager</a>
 06-Aug-2020: Alpha 6 of OpenSSL 3.0 is now available: please download and test it
 16-Jul-2020: Alpha 5 of OpenSSL 3.0 is now available: please download and test it
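Review bot: the added newsflash line has an unbalanced closing tag: `Raccoon attack</a>` closes an `<a>` that was already closed right after `Security Advisory`, so the rendered page gets a stray `</a>` and strict HTML validation will complain. Suggest `09-Sep-2020: <a href="/news/secadv/20200909.txt">Security Advisory</a>: Raccoon attack`, matching the pattern of the 05-Sep-2020 entry below it.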
diff --git a/news/secadv/20200909.txt b/news/secadv/20200909.txt
new file mode 100644
index 0000000..bbe32dd
--- /dev/null
+++ b/news/secadv/20200909.txt
@@ -0,0 +1,76 @@
+OpenSSL Security Advisory [09 September 2020]
+=============================================
+
+Raccoon Attack (CVE-2020-1968)
+==============================
+
+Severity: Low
+
+The Raccoon attack exploits a flaw in the TLS specification which can lead to
+an attacker being able to compute the pre-master secret in connections which
+have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would
+result in the attacker being able to eavesdrop on all encrypted communications
+sent over that TLS connection. The attack can only be exploited if an
+implementation re-uses a DH secret across multiple TLS connections. Note that
+this issue only impacts DH ciphersuites and not ECDH ciphersuites.
+
+OpenSSL 1.1.1 is not vulnerable to this issue: it never reuses a DH secret and
+does not implement any "static" DH ciphersuites.
+
+OpenSSL 1.0.2f and above will only reuse a DH secret if a "static" DH
+ciphersuite is used. These static "DH" ciphersuites are ones that start with the
+text "DH-" (for example "DH-RSA-AES256-SHA"). The standard IANA names for these
+ciphersuites all start with "TLS_DH_" but excludes those that start with
+"TLS_DH_anon_".
+
+OpenSSL 1.0.2e and below would reuse the DH secret across multiple TLS
+connections in server processes unless the SSL_OP_SINGLE_DH_USE option was
+explicitly configured. Therefore all ciphersuites that use DH in servers
+(including ephemeral DH) are vulnerable in these versions. In OpenSSL 1.0.2f
+SSL_OP_SINGLE_DH_USE was made the default and it could not be turned off as a
+response to CVE-2016-0701.
+
+Since the vulnerability lies in the TLS specification, fixing the affected
+ciphersuites is not viable. For this reason 1.0.2w moves the affected
+ciphersuites into the "weak-ssl-ciphers" list. Support for the
+"weak-ssl-ciphers" is not compiled in by default. This is unlikely to cause
+interoperability problems in most cases since use of these ciphersuites is rare.
+Support for the "weak-ssl-ciphers" can be added back by configuring OpenSSL at
+compile time with the "enable-weak-ssl-ciphers" option. This is not recommended.
+
+OpenSSL 1.0.2 is out of support and no longer receiving public updates.
+
+Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2w.  If
+upgrading is not viable then users of OpenSSL 1.0.2v or below should ensure
+that affected ciphersuites are disabled through runtime configuration. Also
+note that the affected ciphersuites are only available on the server side if a
+DH certificate has been configured. These certificates are very rarely used and
+for this reason this issue has been classified as LOW severity.
+
+This issue was found by Robert Merget, Marcus Brinkmann, Nimrod Aviram and Juraj
+Somorovsky and reported to OpenSSL on 28th May 2020 under embargo in order to
+allow co-ordinated disclosure with other implementations.
+
+Note
+====
+
+OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
+support is available for premium support customers:
+https://www.openssl.org/support/contracts.html
+
+OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
+The impact of this issue on OpenSSL 1.1.0 has not been analysed.
+
+Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20200909.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
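Review bot: the sentence "OpenSSL 1.0.2 is out of support and no longer receiving public updates." appears twice in the new advisory, once as a standalone paragraph after the weak-ssl-ciphers paragraph and again at the top of the Note section alongside the premium-support link; suggest dropping the first occurrence so the support status is stated once, next to its pointer. Also, the remediation paragraph tells 1.0.2v-and-below users to disable the affected ciphersuites "through runtime configuration" without naming them there; repeating the "DH-" prefix / "TLS_DH_" (excluding "TLS_DH_anon_") identification from the earlier paragraph at that point would save readers from cross-referencing.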
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 697c3c9..9b7dcb6 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,52 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20200421">
+<security updated="20200909">
+  <issue public="20200909">
+    <impact severity="Low"/>
+    <cve name="2020-1968"/>
+    <affects base="1.0.2" version="1.0.2"/>
+    <affects base="1.0.2" version="1.0.2a"/>
+    <affects base="1.0.2" version="1.0.2b"/>
+    <affects base="1.0.2" version="1.0.2c"/>
+    <affects base="1.0.2" version="1.0.2d"/>
+    <affects base="1.0.2" version="1.0.2e"/>
+    <affects base="1.0.2" version="1.0.2f"/>
+    <affects base="1.0.2" version="1.0.2g"/>
+    <affects base="1.0.2" version="1.0.2h"/>
+    <affects base="1.0.2" version="1.0.2i"/>
+    <affects base="1.0.2" version="1.0.2j"/>
+    <affects base="1.0.2" version="1.0.2k"/>
+    <affects base="1.0.2" version="1.0.2l"/>
+    <affects base="1.0.2" version="1.0.2m"/>
+    <affects base="1.0.2" version="1.0.2n"/>
+    <affects base="1.0.2" version="1.0.2o"/>
+    <affects base="1.0.2" version="1.0.2p"/>
+    <affects base="1.0.2" version="1.0.2q"/>
+    <affects base="1.0.2" version="1.0.2r"/>
+    <affects base="1.0.2" version="1.0.2s"/>
+    <affects base="1.0.2" version="1.0.2t"/>
+    <affects base="1.0.2" version="1.0.2u"/>
+    <affects base="1.0.2" version="1.0.2v"/>    
+    <fixed base="1.0.2" version="1.0.2w" date="20200909"></fixed>
+    <problemtype>Protocol flaw</problemtype>
+    <title>Raccoon attack</title>
+    <description>
+The Raccoon attack exploits a flaw in the TLS specification which can lead to
+an attacker being able to compute the pre-master secret in connections which
+have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would
+result in the attacker being able to eavesdrop on all encrypted communications
+sent over that TLS connection. The attack can only be exploited if an
+implementation re-uses a DH secret across multiple TLS connections. Note that
+this issue only impacts DH ciphersuites and not ECDH ciphersuites.
+
+This issue affects OpenSSL 1.0.2 which is out of support and no longer
+receiving public updates.  OpenSSL 1.1.1 is not vulnerable to this
+issue.
+    </description>
+    <advisory url="/news/secadv/20200909.txt"/>
+    <reported source="Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky"/>
+  </issue>
   <issue public="20200421">
     <impact severity="High"/>
     <cve name="2020-1967"/>
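Review bot: the `<affects base="1.0.2" version="1.0.2v"/>` line carries trailing whitespace, and `<fixed base="1.0.2" version="1.0.2w" date="20200909"></fixed>` uses an explicit close tag where every sibling element in the entry is self-closing; suggest `<fixed base="1.0.2" version="1.0.2w" date="20200909"/>` and stripping the trailing spaces. The description copies the advisory's first paragraph verbatim, which is fine, but it leaves out the condition that makes the entry Low severity (only the static "DH-" ciphersuites reuse the secret in 1.0.2f and later, and those are only offered when a DH certificate is configured); a short sentence to that effect would make the database entry self-explanatory without the advisory.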
