Fwd: [arch-security] [ASA-201506-3] openssl: multiple issues

Florian Bruhin me at the-compiler.org
Fri Jun 12 15:50:12 CEST 2015


Hi,

please update your OpenSSL to get protected against LogJam (see
http://weakdh.org/ ).

(I experimented with blacklisting those ciphers in qutebrowser, but
the Qt API doesn't provide a way to get the DH bits used - so I
decided to just wait for OpenSSL to be updated instead of blacklisting
*all* DH keys).

Florian

----- Forwarded message from Levente Polyak <anthraxx at archlinux.org> -----

Arch Linux Security Advisory ASA-201506-3
=========================================

Severity: High
Date    : 2015-06-12
CVE-ID  : CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
          CVE-2015-1792 CVE-2015-4000
Package : openssl
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package openssl before version 1.0.2.b-1 is vulnerable to multiple
issues including but not limited to man-in-the-middle via cipher
downgrade, double free and denial of service.

Resolution
==========

Upgrade to 1.0.2.b-1.

# pacman -Syu "openssl>=1.0.2.b-1"

The problems have been fixed upstream in version 1.0.2.b.

Workaround
==========

None.

Description
===========

- CVE-2015-1788 (denial of service)

When processing an ECParameters structure OpenSSL enters an infinite
loop if the curve specified is over a specially malformed binary
polynomial field.
This can be used to perform denial of service against any system which
processes public keys, certificate requests or certificates.  This
includes TLS clients and TLS servers with client authentication enabled.

- CVE-2015-1789 (out-of-bounds read)

X509_cmp_time does not properly check the length of the ASN1_TIME string
and can read a few bytes out of bounds. In addition, X509_cmp_time
accepts an arbitrary number of fractional seconds in the time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in a
DoS on applications that verify certificates or CRLs. TLS clients that
verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.

- CVE-2015-1790 (denial of service)

The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.

- CVE-2015-1791 (double free)

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

- CVE-2015-1792 (denial of service)

When verifying a signedData message the CMS code can enter an infinite
loop if presented with an unknown hash function OID.
This can be used to perform denial of service against any system which
verifies signedData messages using the CMS code.

- CVE-2015-4000 (cipher downgrade)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker
to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman
key exchange to 512-bit export-grade cryptography. This vulnerability is
known as Logjam.
OpenSSL has added protection for TLS clients by rejecting handshakes
with DH parameters shorter than 768 bits. This limit will be increased
to 1024 bits in a future release.

Impact
======

A remote attacker is able to perform man-in-the-middle via cipher
downgrade, denial of service or possibly have other unspecified impact
via various vectors.

References
==========

https://www.openssl.org/news/secadv_20150611.txt
https://access.redhat.com/security/cve/CVE-2015-1788
https://access.redhat.com/security/cve/CVE-2015-1789
https://access.redhat.com/security/cve/CVE-2015-1790
https://access.redhat.com/security/cve/CVE-2015-1791
https://access.redhat.com/security/cve/CVE-2015-1792
https://access.redhat.com/security/cve/CVE-2015-4000




----- End forwarded message -----

-- 
http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
         I love long mails! | http://email.is-not-s.ms/
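A worked version of the check the advisory describes for CVE-2015-4000, added here as an example; it is not code from the advisory, from OpenSSL or from qutebrowser. It parses the ServerDHParams structure (dh_p, dh_g, dh_Ys as 16-bit-length-prefixed vectors, per RFC 5246 section 7.4.3) from the body of a DHE ServerKeyExchange and rejects the handshake when the modulus is below a minimum, 768 bits as in OpenSSL 1.0.2b or the announced 1024. The two sample messages are constructed inline with placeholder moduli of the right bit sizes (they are not real safe primes), so the block runs offline; all names are the example's own.

```python
import struct

# Minimum DH modulus size OpenSSL 1.0.2b enforces for TLS clients, and the
# value the advisory says a later release will move to.
OPENSSL_102B_MIN_DH_BITS = 768
RECOMMENDED_MIN_DH_BITS = 1024


def encode_dh_params(p, g, ys):
    """Encode ServerDHParams: three opaque<1..2^16-1> vectors (dh_p, dh_g, dh_Ys)."""
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_dh_params(body):
    """Parse dh_p, dh_g, dh_Ys from the start of a DHE ServerKeyExchange body.

    Returns (p, g, ys, bytes_consumed); the signature that follows the
    parameters in a signed ServerKeyExchange is left untouched.
    """
    off = 0
    vals = []
    for _ in range(3):
        if off + 2 > len(body):
            raise ValueError("truncated ServerDHParams")
        (ln,) = struct.unpack_from("!H", body, off)
        off += 2
        if ln == 0 or off + ln > len(body):
            raise ValueError("bad ServerDHParams vector length")
        vals.append(int.from_bytes(body[off:off + ln], "big"))
        off += ln
    p, g, ys = vals
    return p, g, ys, off


def check_server_dh(body, min_bits=RECOMMENDED_MIN_DH_BITS):
    """Return (accept, modulus_bits) for a DHE ServerKeyExchange body.

    The handshake is accepted only if the modulus p has at least min_bits
    bits and the generator and public value are in range (1 < g < p,
    1 < Ys < p-1); a 512-bit export modulus fails regardless of min_bits.
    """
    p, g, ys, _ = parse_dh_params(body)
    bits = p.bit_length()
    ok = bits >= min_bits and 1 < g < p and 1 < ys < p - 1
    return ok, bits


# Constructed sample moduli (placeholders, NOT safe primes): the top bit is set
# so bit_length() is exactly 512, 768 and 2048. Ys is chosen in range.
P_EXPORT_512 = (1 << 511) | 0x2468ACE1
P_768 = (1 << 767) | 0x13579BDF
P_2048 = (1 << 2047) | 0x0FEDCBA9

SKE_EXPORT = encode_dh_params(P_EXPORT_512, 2, P_EXPORT_512 - 2)
SKE_768 = encode_dh_params(P_768, 2, P_768 - 2)
SKE_2048 = encode_dh_params(P_2048, 2, P_2048 - 2)


if __name__ == "__main__":
    for name, ske in (("export", SKE_EXPORT), ("768-bit", SKE_768), ("2048-bit", SKE_2048)):
        for limit in (OPENSSL_102B_MIN_DH_BITS, RECOMMENDED_MIN_DH_BITS):
            ok, bits = check_server_dh(ske, min_bits=limit)
            print("%-8s p=%4d bits, min=%4d -> %s" % (name, bits, limit, "accept" if ok else "reject"))
```

The point of the 768-bit case is the gap the advisory leaves open: with the 1.0.2b limit it is accepted, with the 1024-bit limit it is not, so a client that wants the stronger policy has to enforce it itself. For a live server, `openssl s_client -connect host:443 -cipher EDH` on 1.0.2 prints a `Server Temp Key:` line with the DH size, which is the same number this parser extracts.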