[openssl-dev] Which patch to address CVE-2015-1788 in 0.9.8zg, 1.0.0s?
Matt Caswell
matt at openssl.org
Wed Jun 24 16:14:53 UTC 2015
On 24/06/15 16:56, Albert Chin wrote:
> What patchset was used to address CVE-2015-1788 in 1.0.0s and 0.9.8zg?
> In the 1.0.1 branch, it's very clear:
> commit f61bbf8da532038ed0eae16a9a11771f3da22d30
> Author: Andy Polyakov <appro at openssl.org>
> Date: Thu Jun 11 00:18:01 2015 +0200
>
> bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
>
> CVE-2015-1788
>
> Reviewed-by: Matt Caswell <matt at openssl.org>
> (cherry picked from commit
>
> The CHANGES file in 1.0.0s and 0.9.8zg states:
> *) Malformed ECParameters causes infinite loop
>
> When processing an ECParameters structure OpenSSL enters an infinite loop
> if the curve specified is over a specially malformed binary polynomial
> field.
>
> This can be used to perform denial of service against any
> system which processes public keys, certificate requests or
> certificates. This includes TLS clients and TLS servers with
> client authentication enabled.
>
> This issue was reported to OpenSSL by Joseph Barr-Pixton.
> (CVE-2015-1788)
> [Andy Polyakov]
>
That's an error. It should not be in the CHANGES file because no change
was made in the latest release. From the security advisory:
"This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent
1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are
affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b
OpenSSL 1.0.1 users should upgrade to 1.0.1n
OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s
OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg"
Matt
More information about the openssl-dev
mailing list