Package: openssl
Version: 0.9.8f-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openssl.

CVE-2008-0891[0]:
| OpenSSL Server Name extension crash
|
| Testing using the Codenomicon TLS test suite discovered a flaw in the
| handling of server name extension data in OpenSSL 0.9.8f and OpenSSL
| 0.9.8g. If OpenSSL has been compiled using the non-default TLS server
| name extensions, a remote attacker could send a carefully crafted
| packet to a server application using OpenSSL and cause a crash.

CVE-2008-1672[1]:
| OpenSSL Omit Server Key Exchange message crash
|
| Testing using the Codenomicon TLS test suite discovered a flaw if the
| 'Server Key exchange message' is omitted from a TLS handshake in
| OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a
| malicious server with particular cipher suites, the server could cause
| the client to crash.

Please note that these descriptions are not yet published on the
mitre site. Check out
http://www.openssl.org/news/secadv_20080528.txt in the meantime.

Patches for both issues are attached.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891
    http://security-tracker.debian.net/tracker/CVE-2008-0891
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
    http://security-tracker.debian.net/tracker/CVE-2008-1672

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Index: CHANGES =================================================================== RCS file: /e/openssl/cvs/openssl/CHANGES,v retrieving revision 1.1238.2.86 diff -u -r1.1238.2.86 CHANGES --- CHANGES 28 Feb 2008 13:35:58 -0000 1.1238.2.86 +++ CHANGES 18 Mar 2008 12:06:57 -0000 @@ -4,6 +4,9 @@ Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + *) Fix double free in TLS server name extensions which could lead to a remote + crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton] + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] Index: ssl/t1_lib.c =================================================================== RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.13.2.8 diff -u -r1.13.2.8 t1_lib.c --- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8 +++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000 @@ -381,6 +381,7 @@ s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { OPENSSL_free(s->session->tlsext_hostname); + s->session->tlsext_hostname = NULL; *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; }
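
Review bot: In the ssl/t1_lib.c hunk (@@ -381), the added "s->session->tlsext_hostname = NULL;" covers only the "strlen(s->session->tlsext_hostname) != len" error path. The hunk does not show the other places in this file that free tlsext_hostname, so please confirm each of them also leaves the field NULL or freshly assigned; otherwise the later free of the session's hostname, which is what makes this a double free per the CHANGES entry, can still hit a stale pointer. A one-line comment above the assignment saying why the reset is needed would keep it from being removed as redundant in a later cleanup.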
Index: CHANGES =================================================================== RCS file: /e/openssl/cvs/openssl/CHANGES,v retrieving revision 1.1238.2.86 diff -u -r1.1238.2.86 CHANGES --- CHANGES 28 Feb 2008 13:35:58 -0000 1.1238.2.86 +++ CHANGES 22 May 2008 09:19:30 -0000 @@ -4,6 +4,10 @@ Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox] + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] Index: ssl/s3_clnt.c =================================================================== RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v retrieving revision 1.88.2.12 diff -u -r1.88.2.12 s3_clnt.c --- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12 +++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000 @@ -2061,6 +2061,13 @@ { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else
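
Review bot: The new CHANGES entry misspells "client" as "cilent" in "could lead to a cilent crash". Please correct it before committing, since this entry is what people will search when looking up CVE-2008-1672.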
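
Review bot: In the ssl/s3_clnt.c hunk (@@ -2061), the "s->session->sess_cert == NULL" check sits inside the block that declares "DH *dh_srvr,*dh_clnt", so it protects only the "sess_cert->peer_dh_tmp" dereference visible here. Any other key-exchange branch of this function that reads s->session->sess_cert needs the same guard, or the check should move ahead of the branching; the hunk does not show which is the case. A short comment stating that sess_cert is NULL here when the server omitted its key exchange message would also help, since SSL_AD_UNEXPECTED_MESSAGE alone does not convey that.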