openSUSE Security Update: Security update for libressl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1277-1
Rating:             important
References:         #912015 #912018 #912292 #912293 #912296 #919648 
                    #920236 #922496 #922499 #922500 #931600 #934487 
                    #934489 #934491 #934493 #934494 #937891 
Cross-References:   CVE-2014-3570 CVE-2014-3572 CVE-2014-8176
                    CVE-2014-8275 CVE-2015-0205 CVE-2015-0206
                    CVE-2015-0209 CVE-2015-0286 CVE-2015-0287
                    CVE-2015-0288 CVE-2015-0289 CVE-2015-1788
                    CVE-2015-1789 CVE-2015-1790 CVE-2015-1792
                    CVE-2015-4000
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has one erratum
   is now available.

Description:

   libressl was updated to version 2.2.1 to fix 16 security issues.

   LibreSSL is a fork of OpenSSL. Because of that, CVEs affecting OpenSSL
   often also affect LibreSSL.

   These security issues were fixed:
   - CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd,
     1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate
     the square of a BIGNUM value, which might make it easier for remote
     attackers to defeat cryptographic protection mechanisms via unspecified
     vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
     and crypto/bn/bn_asm.c (bsc#912296).
   - CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in
     OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
     allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
     and trigger a loss of forward secrecy by omitting the ServerKeyExchange
     message (bsc#912015).
   - CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in
     OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
     1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
     service (infinite loop) via vectors that trigger a NULL value of a BIO
     data structure, as demonstrated by an unrecognized X.660 OID for a hash
     function (bsc#934493).
   - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1
     before 1.0.1k did not enforce certain constraints on certificate data,
     which allowed remote attackers to defeat a fingerprint-based
     certificate-blacklist protection mechanism by including crafted data
     within a certificate's unsigned portion, related to
     crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c,
     and crypto/x509/x_all.c (bsc#912018).
   - CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey
     function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before
     1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might have allowed
     remote attackers to cause a denial of service (memory corruption and
     application crash) or possibly have unspecified other impact via a
     malformed Elliptic Curve (EC) private-key file that is improperly
     handled during import (bsc#919648).
   - CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in
     OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
     1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
     service (out-of-bounds read and application crash) via a crafted length
     field in ASN1_TIME data, as demonstrated by an attack against a server
     that supports client authentication with a custom verification callback
     (bsc#934489).
   - CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in
     OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and
     1.0.2 before 1.0.2b did not properly handle ECParameters structures in
     which the curve is over a malformed binary polynomial field, which
     allowed remote attackers to cause a denial of service (infinite loop)
     via a session that used an Elliptic Curve algorithm, as demonstrated by
     an attack against a server that supports client authentication
     (bsc#934487).
   - CVE-2015-1790: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c
     in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
     1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
     service (NULL pointer dereference and application crash) via a PKCS#7
     blob that used ASN.1 encoding and lacks inner EncryptedContent data
     (bsc#934491).
   - CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c
     in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
     1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures,
     which might have allowed attackers to cause a denial of service (invalid
     write operation and memory corruption) by leveraging an application that
     relies on ASN.1 structure reuse (bsc#922499).
   - CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in
     OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
     1.0.2 before 1.0.2a did not properly perform boolean-type comparisons,
     which allowed remote attackers to cause a denial of service (invalid
     read operation and application crash) via a crafted X.509 certificate to
     an endpoint that used the certificate-verification feature (bsc#922496).
   - CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf,
     1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did
     not properly handle a lack of outer ContentInfo, which allowed attackers
     to cause a denial of service (NULL pointer dereference and application
     crash) by leveraging an application that processes arbitrary PKCS#7 data
     and providing malformed data with ASN.1 encoding, related to
     crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500).
   - CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c
     in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
     1.0.2 before 1.0.2a might have allowed attackers to cause a denial of service
     (NULL pointer dereference and application crash) via an invalid
     certificate key (bsc#920236).
   - CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in
     OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
     frees data structures without considering that application data can
     arrive between a ChangeCipherSpec message and a Finished message, which
     allowed remote DTLS peers to cause a denial of service (memory
     corruption and application crash) or possibly have unspecified other
     impact via unexpected application data (bsc#934494).
   - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT
     ciphersuite is enabled on a server but not on a client, did not properly
     convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to
     conduct cipher-downgrade attacks by rewriting a ClientHello with DHE
     replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT
     replaced by DHE, aka the "Logjam" issue (bsc#931600).
   - CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL
     1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client
     authentication with a Diffie-Hellman (DH) certificate without requiring
     a CertificateVerify message, which allowed remote attackers to obtain
     access without knowledge of a private key via crafted TLS Handshake
     Protocol traffic to a server that recognizes a Certification Authority
     with DH support (bsc#912293).
   - CVE-2015-0206: Memory leak in the dtls1_buffer_record function in
     d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed
     remote attackers to cause a denial of service (memory consumption) by
     sending many duplicate records for the next epoch, leading to failure of
     replay detection (bsc#912292).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-507=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      libcrypto34-2.2.1-2.3.1
      libcrypto34-debuginfo-2.2.1-2.3.1
      libressl-2.2.1-2.3.1
      libressl-debuginfo-2.2.1-2.3.1
      libressl-debugsource-2.2.1-2.3.1
      libressl-devel-2.2.1-2.3.1
      libssl33-2.2.1-2.3.1
      libssl33-debuginfo-2.2.1-2.3.1
      libtls4-2.2.1-2.3.1
      libtls4-debuginfo-2.2.1-2.3.1

   - openSUSE 13.2 (x86_64):

      libcrypto34-32bit-2.2.1-2.3.1
      libcrypto34-debuginfo-32bit-2.2.1-2.3.1
      libressl-devel-32bit-2.2.1-2.3.1
      libssl33-32bit-2.2.1-2.3.1
      libssl33-debuginfo-32bit-2.2.1-2.3.1
      libtls4-32bit-2.2.1-2.3.1
      libtls4-debuginfo-32bit-2.2.1-2.3.1

   - openSUSE 13.2 (noarch):

      libressl-devel-doc-2.2.1-2.3.1
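
   A post-patch check, as an added example that is not part of the original
   advisory: it flags any installed package from the list above that is older
   than the fixed build 2.2.1-2.3.1. The function names, the sample inventory
   and the use of "sort -V" as a stand-in for rpm's own version comparison are
   assumptions of this example.

```shell
#!/bin/sh
# Added example: audit installed libressl packages against the fixed
# build named in this advisory.
FIXED="2.2.1-2.3.1"

# Reads "name version-release" lines on stdin, the format produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# Prints one line per package from the advisory's package list and
# returns 1 if any of them is older than $FIXED.
audit_libressl() {
    status=0
    while read -r name vr; do
        # Every package in the advisory starts with one of these prefixes
        # (covers the -debuginfo, -32bit, -devel and -devel-doc variants).
        case "$name" in
            libcrypto34*|libressl*|libssl33*|libtls4*) ;;
            *) continue ;;
        esac
        # sort -V approximates rpm version ordering; the lower of the
        # two strings comes out first.
        lowest=$(printf '%s\n%s\n' "$vr" "$FIXED" | sort -V | head -n 1)
        if [ "$lowest" = "$FIXED" ]; then
            echo "OK         $name $vr"
        else
            echo "VULNERABLE $name $vr (needs >= $FIXED)"
            status=1
        fi
    done
    return $status
}

# Constructed inventory for an offline run: only the first version string
# comes from the advisory, the others are made up for the demonstration.
sample_inventory() {
    cat <<'EOF'
libcrypto34 2.2.1-2.3.1
libssl33 2.1.6-1.1
libtls4-32bit 2.2.1-2.6.1
zlib 1.2.8-5.1
EOF
}

# Demonstration on the constructed inventory.
sample_inventory | audit_libressl ||
    echo "update needed: zypper in -t patch openSUSE-2015-507=1"
```

   On a live system, feed the function the rpm query shown in its comment
   instead of the constructed inventory.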


References:

   https://www.suse.com/security/cve/CVE-2014-3570.html
   https://www.suse.com/security/cve/CVE-2014-3572.html
   https://www.suse.com/security/cve/CVE-2014-8176.html
   https://www.suse.com/security/cve/CVE-2014-8275.html
   https://www.suse.com/security/cve/CVE-2015-0205.html
   https://www.suse.com/security/cve/CVE-2015-0206.html
   https://www.suse.com/security/cve/CVE-2015-0209.html
   https://www.suse.com/security/cve/CVE-2015-0286.html
   https://www.suse.com/security/cve/CVE-2015-0287.html
   https://www.suse.com/security/cve/CVE-2015-0288.html
   https://www.suse.com/security/cve/CVE-2015-0289.html
   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/912015
   https://bugzilla.suse.com/912018
   https://bugzilla.suse.com/912292
   https://bugzilla.suse.com/912293
   https://bugzilla.suse.com/912296
   https://bugzilla.suse.com/919648
   https://bugzilla.suse.com/920236
   https://bugzilla.suse.com/922496
   https://bugzilla.suse.com/922499
   https://bugzilla.suse.com/922500
   https://bugzilla.suse.com/931600
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://bugzilla.suse.com/934494
   https://bugzilla.suse.com/937891

openSUSE: 2015:1277-1: important: libressl

July 22, 2015