openSUSE Security Update: Security update for libressl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1277-1
Rating: important
References: #912015 #912018 #912292 #912293 #912296 #919648
#920236 #922496 #922499 #922500 #931600 #934487
#934489 #934491 #934493 #934494 #937891
Cross-References: CVE-2014-3570 CVE-2014-3572 CVE-2014-8176
CVE-2014-8275 CVE-2015-0205 CVE-2015-0206
CVE-2015-0209 CVE-2015-0286 CVE-2015-0287
CVE-2015-0288 CVE-2015-0289 CVE-2015-1788
CVE-2015-1789 CVE-2015-1790 CVE-2015-1792
CVE-2015-4000
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves 16 vulnerabilities and has one errata
is now available.

Description:

libressl was updated to version 2.2.1 to fix 16 security issues.

LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL
often also affect LibreSSL.

These security issues were fixed:
– CVE-2014-3570: The BN_sqr implementation in OpenSSL before 0.9.8zd,
1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k did not properly calculate
the square of a BIGNUM value, which might make it easier for remote
attackers to defeat cryptographic protection mechanisms via unspecified
vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
and crypto/bn/bn_asm.c (bsc#912296).
– CVE-2014-3572: The ssl3_get_key_exchange function in s3_clnt.c in
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
allowed remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy by omitting the ServerKeyExchange
message (bsc#912015).
– CVE-2015-1792: The do_free_upto function in crypto/cms/cms_smime.c in
OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
service (infinite loop) via vectors that trigger a NULL value of a BIO
data structure, as demonstrated by an unrecognized X.660 OID for a hash
function (bsc#934493).
– CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1
before 1.0.1k did not enforce certain constraints on certificate data,
which allowed remote attackers to defeat a fingerprint-based
certificate-blacklist protection mechanism by including crafted data
within a certificate’s unsigned portion, related to
crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c,
and crypto/x509/x_all.c (bsc#912018).
– CVE-2015-0209: Use-after-free vulnerability in the d2i_ECPrivateKey
function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before
1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allowed
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly have unspecified other impact via a
malformed Elliptic Curve (EC) private-key file that is improperly
handled during import (bsc#919648).
– CVE-2015-1789: The X509_cmp_time function in crypto/x509/x509_vfy.c in
OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
service (out-of-bounds read and application crash) via a crafted length
field in ASN1_TIME data, as demonstrated by an attack against a server
that supports client authentication with a custom verification callback
(bsc#934489).
– CVE-2015-1788: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in
OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and
1.0.2 before 1.0.2b did not properly handle ECParameters structures in
which the curve is over a malformed binary polynomial field, which
allowed remote attackers to cause a denial of service (infinite loop)
via a session that used an Elliptic Curve algorithm, as demonstrated by
an attack against a server that supports client authentication
(bsc#934487).
– CVE-2015-1790: The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c
in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and
1.0.2 before 1.0.2b allowed remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a PKCS#7
blob that used ASN.1 encoding and lacks inner EncryptedContent data
(bsc#934491).
– CVE-2015-0287: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c
in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
1.0.2 before 1.0.2a did not reinitialize CHOICE and ADB data structures,
which might allowed attackers to cause a denial of service (invalid
write operation and memory corruption) by leveraging an application that
relies on ASN.1 structure reuse (bsc#922499).
– CVE-2015-0286: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in
OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
1.0.2 before 1.0.2a did not properly perform boolean-type comparisons,
which allowed remote attackers to cause a denial of service (invalid
read operation and application crash) via a crafted X.509 certificate to
an endpoint that used the certificate-verification feature (bsc#922496).
– CVE-2015-0289: The PKCS#7 implementation in OpenSSL before 0.9.8zf,
1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a did
not properly handle a lack of outer ContentInfo, which allowed attackers
to cause a denial of service (NULL pointer dereference and application
crash) by leveraging an application that processes arbitrary PKCS#7 data
and providing malformed data with ASN.1 encoding, related to
crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (bsc#922500).
– CVE-2015-0288: The X509_to_X509_REQ function in crypto/x509/x509_req.c
in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and
1.0.2 before 1.0.2a might allowed attackers to cause a denial of service
(NULL pointer dereference and application crash) via an invalid
certificate key (bsc#920236).
– CVE-2014-8176: The dtls1_clear_queues function in ssl/d1_lib.c in
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
frees data structures without considering that application data can
arrive between a ChangeCipherSpec message and a Finished message, which
allowed remote DTLS peers to cause a denial of service (memory
corruption and application crash) or possibly have unspecified other
impact via unexpected application data (bsc#934494).
– CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT
ciphersuite is enabled on a server but not on a client, did not properly
convey a DHE_EXPORT choice, which allowed man-in-the-middle attackers to
conduct cipher-downgrade attacks by rewriting a ClientHello with DHE
replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT
replaced by DHE, aka the “Logjam” issue (bsc#931600).
– CVE-2015-0205: The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL
1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client
authentication with a Diffie-Hellman (DH) certificate without requiring
a CertificateVerify message, which allowed remote attackers to obtain
access without knowledge of a private key via crafted TLS Handshake
Protocol traffic to a server that recognizes a Certification Authority
with DH support (bsc#912293).
– CVE-2015-0206: Memory leak in the dtls1_buffer_record function in
d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allowed
remote attackers to cause a denial of service (memory consumption) by
sending many duplicate records for the next epoch, leading to failure of
replay detection (bsc#912292).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.2:

zypper in -t patch openSUSE-2015-507=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.2 (i586 x86_64):

libcrypto34-2.2.1-2.3.1
libcrypto34-debuginfo-2.2.1-2.3.1
libressl-2.2.1-2.3.1
libressl-debuginfo-2.2.1-2.3.1
libressl-debugsource-2.2.1-2.3.1
libressl-devel-2.2.1-2.3.1
libssl33-2.2.1-2.3.1
libssl33-debuginfo-2.2.1-2.3.1
libtls4-2.2.1-2.3.1
libtls4-debuginfo-2.2.1-2.3.1

– openSUSE 13.2 (x86_64):

libcrypto34-32bit-2.2.1-2.3.1
libcrypto34-debuginfo-32bit-2.2.1-2.3.1
libressl-devel-32bit-2.2.1-2.3.1
libssl33-32bit-2.2.1-2.3.1
libssl33-debuginfo-32bit-2.2.1-2.3.1
libtls4-32bit-2.2.1-2.3.1
libtls4-debuginfo-32bit-2.2.1-2.3.1

– openSUSE 13.2 (noarch):

libressl-devel-doc-2.2.1-2.3.1

References:

https://www.suse.com/security/cve/CVE-2014-3570.html
https://www.suse.com/security/cve/CVE-2014-3572.html
https://www.suse.com/security/cve/CVE-2014-8176.html
https://www.suse.com/security/cve/CVE-2014-8275.html
https://www.suse.com/security/cve/CVE-2015-0205.html
https://www.suse.com/security/cve/CVE-2015-0206.html
https://www.suse.com/security/cve/CVE-2015-0209.html
https://www.suse.com/security/cve/CVE-2015-0286.html
https://www.suse.com/security/cve/CVE-2015-0287.html
https://www.suse.com/security/cve/CVE-2015-0288.html
https://www.suse.com/security/cve/CVE-2015-0289.html
https://www.suse.com/security/cve/CVE-2015-1788.html
https://www.suse.com/security/cve/CVE-2015-1789.html
https://www.suse.com/security/cve/CVE-2015-1790.html
https://www.suse.com/security/cve/CVE-2015-1792.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://bugzilla.suse.com/912015
https://bugzilla.suse.com/912018
https://bugzilla.suse.com/912292
https://bugzilla.suse.com/912293
https://bugzilla.suse.com/912296
https://bugzilla.suse.com/919648
https://bugzilla.suse.com/920236
https://bugzilla.suse.com/922496
https://bugzilla.suse.com/922499
https://bugzilla.suse.com/922500
https://bugzilla.suse.com/931600
https://bugzilla.suse.com/934487
https://bugzilla.suse.com/934489
https://bugzilla.suse.com/934491
https://bugzilla.suse.com/934493
https://bugzilla.suse.com/934494
https://bugzilla.suse.com/937891

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
7e