Description
Security update for openssl-steam
This update for openssl-steam fixes the following issues:
- Merged changes from upstream openssl (Factory rev 137) into this fork for Steam.
Updated to openssl 1.0.2k:
- CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528)
- CVE-2016-7056: ECDSA P-256 timing attack key recovery (boo#1019334)
- CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085)
- CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086)
Update to openssl-1.0.2j:
- CVE-2016-7052: Missing CRL sanity check (boo#1001148)
OpenSSL Security Advisory [22 Sep 2016] (boo#999665)
- Severity: High
- CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666)
- Severity: Low
- CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575)
- CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249)
- CVE-2016-2179: DTLS buffered message DoS (boo#994844)
- CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419)
- CVE-2016-2181: DTLS replay protection DoS (boo#994749)
- CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819)
- CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359)
- CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324)
- CVE-2016-6303: OOB write in MDC2_Update() (boo#995377)
- CVE-2016-6306: Certificate message OOB reads (boo#999668)
Also fixed:
- fixed a crash in print_notice (boo#998190)
- fix X509_CERT_FILE path (boo#1022271) and rename
- resume reading from /dev/urandom when interrupted by a signal (boo#995075)
- fix problems with locking in FIPS mode (boo#992120)
- duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207
- drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323)
- don't check for /etc/system-fips (boo#982268)
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0458-1
- SUSE Security Ratings
Description
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Affected products
References
- CVE-2016-2177
- SUSE Bug 982575
- SUSE Bug 999075
- SUSE Bug 999665
Description
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Affected products
References
- CVE-2016-2178
- SUSE Bug 983249
- SUSE Bug 983519
- SUSE Bug 999665
Description
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Affected products
References
- CVE-2016-2179
- SUSE Bug 994844
- SUSE Bug 999665
Description
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
Affected products
References
- CVE-2016-2180
- SUSE Bug 1003811
- SUSE Bug 990419
- SUSE Bug 999665
Description
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
Affected products
References
- CVE-2016-2181
- SUSE Bug 994749
- SUSE Bug 994844
- SUSE Bug 999665
Description
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2016-2182
- SUSE Bug 993819
- SUSE Bug 994844
- SUSE Bug 995959
- SUSE Bug 999665
Description
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Affected products
References
- CVE-2016-2183
- SUSE Bug 1001912
- SUSE Bug 1020747
- SUSE Bug 1024218
- SUSE Bug 1027038
- SUSE Bug 1034689
- SUSE Bug 1171693
- SUSE Bug 994844
- SUSE Bug 995359
Description
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
Affected products
References
- CVE-2016-6302
- SUSE Bug 994844
- SUSE Bug 995324
- SUSE Bug 999665
Description
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2016-6303
- SUSE Bug 994844
- SUSE Bug 995377
- SUSE Bug 999665
Description
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Affected products
References
- CVE-2016-6304
- SUSE Bug 1001706
- SUSE Bug 1003811
- SUSE Bug 1005579
- SUSE Bug 1021375
- SUSE Bug 999665
- SUSE Bug 999666
Description
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Affected products
References
- CVE-2016-6306
- SUSE Bug 999665
- SUSE Bug 999668
Description
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Affected products
References
- CVE-2016-7052
- SUSE Bug 1001148
Description
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
Affected products
References
- CVE-2016-7055
- SUSE Bug 1009528
- SUSE Bug 1021641
- SUSE Bug 1025354
Description
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
Affected products
References
- CVE-2016-7056
- SUSE Bug 1005878
- SUSE Bug 1018910
- SUSE Bug 1019334
Description
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Affected products
References
- CVE-2017-3731
- SUSE Bug 1021641
- SUSE Bug 1022085
- SUSE Bug 1025354
- SUSE Bug 1064118
- SUSE Bug 1064119
Description
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.
Affected products
References
- CVE-2017-3732
- SUSE Bug 1021641
- SUSE Bug 1022086
- SUSE Bug 1025354
- SUSE Bug 1049418
- SUSE Bug 1049421
- SUSE Bug 1049422
- SUSE Bug 1066242
- SUSE Bug 1071906
- SUSE Bug 957814