RHSA-2015:0716: Moderate: openssl security and bug fix update
First published: Mon Mar 23 2015(Updated: )
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)<br>and Transport Layer Security (TLS v1) protocols, as well as a<br>full-strength, general purpose cryptography library.<br>An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()<br>function. A remote attacker could crash a TLS/SSL client or server using<br>OpenSSL via a specially crafted X.509 certificate when the<br>attacker-supplied certificate was verified by the application.<br>(CVE-2015-0286)<br>An integer underflow flaw, leading to a buffer overflow, was found in the<br>way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to<br>make an application using OpenSSL decode a specially crafted Base64-encoded<br>input (such as a PEM file) could use this flaw to cause the application to<br>crash. Note: this flaw is not exploitable via the TLS/SSL protocol because<br>the data being transferred is not Base64-encoded. (CVE-2015-0292)<br>A denial of service flaw was found in the way OpenSSL handled SSLv2<br>handshake messages. A remote attacker could use this flaw to cause a<br>TLS/SSL server using OpenSSL to exit on a failed assertion if it had both<br>the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)<br>A use-after-free flaw was found in the way OpenSSL imported malformed<br>Elliptic Curve private keys. A specially crafted key file could cause an<br>application using OpenSSL to crash when imported. (CVE-2015-0209)<br>An out-of-bounds write flaw was found in the way OpenSSL reused certain<br>ASN.1 structures. A remote attacker could possibly use a specially crafted<br>ASN.1 structure that, when parsed by an application, would cause that<br>application to crash. (CVE-2015-0287)<br>A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate<br>handling implementation. A specially crafted X.509 certificate could cause<br>an application using OpenSSL to crash if the application attempted to<br>convert the certificate to a certificate request. (CVE-2015-0288)<br>A NULL pointer dereference was found in the way OpenSSL handled certain<br>PKCS#7 inputs. An attacker able to make an application using OpenSSL<br>verify, decrypt, or parse a specially crafted PKCS#7 input could cause that<br>application to crash. TLS/SSL clients and servers using OpenSSL were not<br>affected by this flaw. (CVE-2015-0289)<br>Red Hat would like to thank the OpenSSL project for reporting<br>CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,<br>and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL<br>development team as the original reporter of CVE-2015-0286, Emilia Käsper<br>of the OpenSSL development team as the original reporter of CVE-2015-0287,<br>Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski<br>of Google as the original reporter of CVE-2015-0289, Robert Dugal and David<br>Ramos as the original reporters of CVE-2015-0292, and Sean Burford of<br>Google and Emilia Käsper of the OpenSSL development team as the original<br>reporters of CVE-2015-0293.<br>This update also fixes the following bug:<br><li> When a wrapped Advanced Encryption Standard (AES) key did not require any</li> padding, it was incorrectly padded with 8 bytes, which could lead to data<br>corruption and interoperability problems. With this update, the rounding<br>algorithm in the RFC 5649 key wrapping implementation has been fixed. As a<br>result, the wrapped key conforms to the specification, which prevents the<br>described problems. (BZ#1197667)<br>All openssl users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. For the update to take<br>effect, all services linked to the OpenSSL library must be restarted, or<br>the system rebooted.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-debuginfo | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-debuginfo | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-devel | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-devel | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-libs | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-libs | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-perl | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-static | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-static | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl-perl | <1.0.1e-42.el7_1.4 | 1.0.1e-42.el7_1.4 |
| redhat/openssl | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
| redhat/openssl-debuginfo | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
| redhat/openssl-devel | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
| redhat/openssl-libs | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
| redhat/openssl-perl | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
| redhat/openssl-static | <1.0.1e-42.ael7b | 1.0.1e-42.ael7b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1196737
- https://bugzilla.redhat.com/show_bug.cgi?id=1202366
- https://bugzilla.redhat.com/show_bug.cgi?id=1202380
- https://bugzilla.redhat.com/show_bug.cgi?id=1202384
- https://bugzilla.redhat.com/show_bug.cgi?id=1202395
- https://bugzilla.redhat.com/show_bug.cgi?id=1202404
- https://bugzilla.redhat.com/show_bug.cgi?id=1202418
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2015:0716 (Advisory)
- collector/redhat-errata
- anchor-id/RHSA-2015:0716
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- package-manager/redhat