First published: Mon Mar 30 2015
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. (CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter of CVE-2015-0286, Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
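
One way to check the restart requirement above, as an added example that is not part of the advisory: the function lists processes that still map a libssl or libcrypto file that has been replaced on disk. The function name and its optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still run the
# pre-update OpenSSL code. After a package update the old library file stays
# mapped, and the kernel marks it "(deleted)" in /proc/<pid>/maps.
#
# stale_openssl_procs [PROC_ROOT]
#   PROC_ROOT is a hypothetical parameter of this example (default /proc)
#   so the scan can be pointed at a test tree.
#   Prints one "PID NAME" line per process that needs a restart.
stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip an unmatched glob and processes that exited mid-scan.
        [ -r "$maps" ] || continue
        # Match only libssl/libcrypto mappings whose backing file is gone;
        # the [^/]* parts tolerate version suffixes and temporary names.
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' \
                "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            # Process name from the status file; "?" if it cannot be read.
            name=$(sed -n 's/^Name:[[:space:]]*//p' \
                "$proc_root/$pid/status" 2>/dev/null)
            echo "$pid ${name:-?}"
        fi
    done
}

# Typical use after installing the updated packages, as root so that the
# maps files of all users' processes are readable:
#   stale_openssl_procs
```

An empty result means no running process holds the old library; any process listed must be restarted for the fix to apply to it.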
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <1.0.1e-30.el6_6.7 | 1.0.1e-30.el6_6.7 |
redhat/openssl-debuginfo | <1.0.1e-30.el6_6.7 | 1.0.1e-30.el6_6.7 |
redhat/openssl-devel | <1.0.1e-30.el6_6.7 | 1.0.1e-30.el6_6.7 |
redhat/openssl-perl | <1.0.1e-30.el6_6.7 | 1.0.1e-30.el6_6.7 |
redhat/openssl-static | <1.0.1e-30.el6_6.7 | 1.0.1e-30.el6_6.7 |