
A few vulnerabilities in OpenSSL
The OpenSSL development team released a Security Advisory describing 9 new vulnerabilities in OpenSSL and strongly recommends updating:
- OpenSSL 0.9.8 users: update to version 0.9.8zb
- OpenSSL 1.0.0 users: update to version 1.0.0n
- OpenSSL 1.0.1 users: update to version 1.0.1i
Fixed vulnerabilities:
- Information leak in pretty printing functions (CVE-2014-3508) - leaks information from the stack when the pretty-printing output functions are used.
- Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) - crashes the client (due to a null pointer dereference) if the server uses an SRP ciphersuite.
- Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) - a malicious server can write up to 255 bytes on the client.
- Double Free when processing DTLS packets (CVE-2014-3505) - crashes the client if the server sends a specially crafted DTLS packet.
- DTLS memory exhaustion (CVE-2014-3506) - leads to increased memory consumption when processing DTLS packets.
- DTLS memory leak from zero-length fragments (CVE-2014-3507) - causes a memory leak when a specially crafted DTLS packet is sent.
- OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) - crashes the client if the server uses anonymous EC(DH) and sends a specially crafted handshake.
- OpenSSL TLS protocol downgrade attack (CVE-2014-3511) - allows MiTM attackers to downgrade connections to TLS 1.0.
- SRP buffer overrun (CVE-2014-3512) - allows the internal SRP processing buffer to be overflowed.
If package splitting is used on your system, be sure to update libssl, not just openssl itself.
Naturally, applications using openssl must be restarted. On Debian, you can use the "checkrestart" utility from debian-goodies.
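
For systems without checkrestart, the restart check can be done by hand. The following is an added example, not part of the original post or of debian-goodies; the function names `stale_maps` and `stale_procs` are hypothetical. It lists processes that still map a libssl or libcrypto file that has since been replaced on disk.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from debian-goodies).
# After libssl is upgraded, a process started earlier keeps the old library
# mapped; the kernel then shows that mapping in /proc/<pid>/maps with a
# trailing " (deleted)". Run as root to be able to read every process's maps.

# stale_maps FILE: print the distinct deleted OpenSSL libraries in one maps file.
# The pattern matches libssl.so* / libcrypto.so* only, so NSS's libssl3.so is ignored.
stale_maps() {
    awk 'NF >= 7 && $NF == "(deleted)" && $(NF-1) ~ /lib(ssl|crypto)\.so/ {
             print $(NF-1)
         }' "$1" 2>/dev/null | sort -u
}

# stale_procs [PROC_ROOT]: print "pid<TAB>command<TAB>library" per stale mapping.
stale_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        stale_maps "$maps" | while read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$lib"
        done
    done
}

# Scan the live system (or an alternative proc root given as $1).
stale_procs "$@"
```

Every process it prints is still running the pre-update library code and needs a restart before the fixes take effect for it.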