[web] master update

Matt Caswell matt at openssl.org
Thu Mar 25 13:49:07 UTC 2021


The branch master has been updated
       via  dd5f38e589cf996a273ab78b9ef741e7d78f2eb7 (commit)
      from  15064d72540a2d5405d749acd74caeb8683ae886 (commit)


- Log -----------------------------------------------------------------
commit dd5f38e589cf996a273ab78b9ef741e7d78f2eb7
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 25 10:53:37 2021 +0000

    Updates for the 1.1.1k release
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  1 +
 news/secadv/20210325.txt | 90 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 176 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20210325.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 1bbcaf2..648a68a 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -5,6 +5,7 @@
 # headings.  URL paths must all be absolute.
 Date: Item
 
+25-Mar-2021: OpenSSL 1.1.1k is now available, including bug and security fixes
 11-Mar-2021: Alpha 13 of OpenSSL 3.0 is now available: please download and test it
 18-Feb-2021: Alpha 12 of OpenSSL 3.0 is now available: please download and test it
 16-Feb-2021: OpenSSL 1.1.1j is now available, including bug and security fixes
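Review bot: the added 25-Mar-2021 entry says only "including bug and security fixes" and gives no pointer to the advisory that this same commit creates at news/secadv/20210325.txt. Both issues in that advisory are rated High, so consider referencing it from this line (the header comment notes that URL paths must all be absolute), letting newsflash readers reach the details directly.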
diff --git a/news/secadv/20210325.txt b/news/secadv/20210325.txt
new file mode 100644
index 0000000..2ffb50c
--- /dev/null
+++ b/news/secadv/20210325.txt
@@ -0,0 +1,90 @@
+OpenSSL Security Advisory [25 March 2021]
+=========================================
+
+CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
+========================================================================
+
+Severity: High
+
+The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
+certificates present in a certificate chain. It is not set by default.
+
+Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+the chain that have explicitly encoded elliptic curve parameters was added
+as an additional strict check.
+
+An error in the implementation of this check meant that the result of a
+previous check to confirm that certificates in the chain are valid CA
+certificates was overwritten. This effectively bypasses the check
+that non-CA certificates must not be able to issue other certificates.
+
+If a "purpose" has been configured then there is a subsequent opportunity
+for checks that the certificate is a valid CA.  All of the named "purpose"
+values implemented in libcrypto perform this check.  Therefore, where
+a purpose is set the certificate chain will still be rejected even when the
+strict flag has been used. A purpose is set by default in libssl client and
+server certificate verification routines, but it can be overridden or
+removed by an application.
+
+In order to be affected, an application must explicitly set the
+X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+for the certificate verification or, in the case of TLS client or server
+applications, override the default purpose.
+
+OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these
+versions should upgrade to OpenSSL 1.1.1k.
+
+OpenSSL 1.0.2 is not impacted by this issue.
+
+This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk
+from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was
+developed by Tomáš Mráz.
+
+
+NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
+=====================================================================
+
+Severity: High
+
+An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
+ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits
+the signature_algorithms extension (where it was present in the initial
+ClientHello), but includes a signature_algorithms_cert extension then a NULL
+pointer dereference will result, leading to a crash and a denial of service
+attack.
+
+A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which
+is the default configuration). OpenSSL TLS clients are not impacted by this
+issue.
+
+All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions
+should upgrade to OpenSSL 1.1.1k.
+
+OpenSSL 1.0.2 is not impacted by this issue.
+
+This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was
+developed by Peter Kästle and Samuel Sapalski from Nokia.
+
+Note
+====
+
+OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
+support is available for premium support customers:
+https://www.openssl.org/support/contracts.html
+
+OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
+The impact of these issues on OpenSSL 1.1.0 has not been analysed.
+
+Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20210325.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
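Review bot: in the CVE-2021-3450 section, "OpenSSL versions 1.1.1h and newer are affected by this issue" is open-ended and, read literally, includes 1.1.1k, the release the next sentence tells users to upgrade to. Suggest bounding it, for example "OpenSSL versions 1.1.1h through 1.1.1j are affected". The closing Note has a related gap: "Users of these versions should upgrade to OpenSSL 1.1.1" names the branch rather than 1.1.1k, even though the CVE-2021-3449 section states that all 1.1.1 versions are affected and should move to 1.1.1k. Separately, the CVE-2021-3449 text gives the preconditions (TLSv1.2 and renegotiation enabled) but does not say whether disabling renegotiation is an acceptable interim mitigation for servers that cannot upgrade immediately; one sentence on that would help operators.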
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 255c8e2..c1b47e2 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,91 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20210216">
+<security updated="20210325">
+  <issue public="20210325">
+    <impact severity="High"/>
+    <cve name="2021-3450"/>
+    <affects base="1.1.1" version="1.1.1h"/>
+    <affects base="1.1.1" version="1.1.1i"/>
+    <affects base="1.1.1" version="1.1.1j"/>
+    <fixed base="1.1.1" version="1.1.1k" date="20210325">
+      <git hash="2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"/>
+    </fixed>
+    <problemtype>Invalid Certificate Verification</problemtype>
+    <title>CA certificate check bypass with X509_V_FLAG_X509_STRICT</title>
+    <description>
+The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
+certificates present in a certificate chain. It is not set by default.
+
+Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+the chain that have explicitly encoded elliptic curve parameters was added
+as an additional strict check.
+
+An error in the implementation of this check meant that the result of a
+previous check to confirm that certificates in the chain are valid CA
+certificates was overwritten. This effectively bypasses the check
+that non-CA certificates must not be able to issue other certificates.
+
+If a "purpose" has been configured then there is a subsequent opportunity
+for checks that the certificate is a valid CA.  All of the named "purpose"
+values implemented in libcrypto perform this check.  Therefore, where
+a purpose is set the certificate chain will still be rejected even when the
+strict flag has been used. A purpose is set by default in libssl client and
+server certificate verification routines, but it can be overridden or
+removed by an application.
+
+In order to be affected, an application must explicitly set the
+X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+for the certificate verification or, in the case of TLS client or server
+applications, override the default purpose.
+
+OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these
+versions should upgrade to OpenSSL 1.1.1k.
+
+OpenSSL 1.0.2 is not impacted by this issue.
+    </description>
+    <advisory url="/news/secadv/20210325.txt"/>
+    <reported source="Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai"/>
+  </issue>
+  <issue public="20210325">
+    <impact severity="High"/>
+    <cve name="2021-3449"/>
+    <affects base="1.1.1" version="1.1.1"/>
+    <affects base="1.1.1" version="1.1.1a"/>
+    <affects base="1.1.1" version="1.1.1b"/>
+    <affects base="1.1.1" version="1.1.1c"/>
+    <affects base="1.1.1" version="1.1.1d"/>
+    <affects base="1.1.1" version="1.1.1e"/>
+    <affects base="1.1.1" version="1.1.1f"/>
+    <affects base="1.1.1" version="1.1.1g"/>
+    <affects base="1.1.1" version="1.1.1h"/>
+    <affects base="1.1.1" version="1.1.1i"/>
+    <affects base="1.1.1" version="1.1.1j"/>
+    <fixed base="1.1.1" version="1.1.1k" date="20210325">
+      <git hash="fb9fa6b51defd48157eeb207f52181f735d96148"/>
+    </fixed>
+    <problemtype>NULL pointer dereference</problemtype>
+    <title>NULL pointer deref in signature_algorithms processing</title>
+    <description>
+An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
+ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits
+the signature_algorithms extension (where it was present in the initial
+ClientHello), but includes a signature_algorithms_cert extension then a NULL
+pointer dereference will result, leading to a crash and a denial of service
+attack.
+
+A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which
+is the default configuration). OpenSSL TLS clients are not impacted by this
+issue.
+
+All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions
+should upgrade to OpenSSL 1.1.1k.
+
+OpenSSL 1.0.2 is not impacted by this issue.
+    </description>
+    <advisory url="/news/secadv/20210325.txt"/>
+    <reported source="Peter Kästle (Nokia) and Samuel Sapalski (Nokia)"/>
+  </issue>
   <issue public="20210216">
     <impact severity="Moderate"/>
     <cve name="2021-23841"/>
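Review bot: the reported element for CVE-2021-3449 lists "Peter Kästle (Nokia) and Samuel Sapalski (Nokia)" as the source, but the advisory text added in this same commit credits the report to Nokia and names those two as the developers of the fix. One of the two should be corrected so the credit is consistent between the XML and the advisory. In the CVE-2021-3450 description, "OpenSSL versions 1.1.1h and newer are affected" is also unbounded while the affects elements list only 1.1.1h, 1.1.1i and 1.1.1j; bounding the prose range would keep it in agreement with the machine-readable data.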

