A few vulnerabilities in OpenSSL

    The OpenSSL development team has released a Security Advisory describing 9 new vulnerabilities in OpenSSL, and strongly recommends upgrading:
    • OpenSSL 0.9.8 users: upgrade to version 0.9.8zb
    • OpenSSL 1.0.0 users: upgrade to version 1.0.0n
    • OpenSSL 1.0.1 users: upgrade to version 1.0.1i

    Fixed vulnerabilities:

    • Information leak in pretty printing functions (CVE-2014-3508) - leaks information from the stack when the pretty-printing output functions are used.
    • Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) - crashes the client (null pointer dereference) if the server uses an SRP ciphersuite.
    • Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) - a malicious server can write up to 255 bytes on the client.
    • Double Free when processing DTLS packets (CVE-2014-3505) - crashes the client if the server sends a specially crafted DTLS packet.
    • DTLS memory exhaustion (CVE-2014-3506) - leads to increased memory consumption when processing DTLS packets.
    • DTLS memory leak from zero-length fragments (CVE-2014-3507) - causes a memory leak when a specially crafted DTLS packet is sent.
    • OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) - crashes the client if the server uses anonymous EC(DH) and sends the handshake in a particular way.
    • OpenSSL TLS protocol downgrade attack (CVE-2014-3511) - allows a MitM attacker to downgrade connections to TLS 1.0.
    • SRP buffer overrun (CVE-2014-3512) - allows the internal SRP processing buffer to be overflowed.


    If your distribution splits OpenSSL into separate packages, be sure to update libssl, not just openssl itself.
    Naturally, applications using openssl must be restarted. If you have Debian, then you can use the “checkrestart” utility from debian-goodies.
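
To triage hosts against the fixed releases listed above, the following added example (not part of the original post or the OpenSSL project) classifies an upstream version string. The function names are hypothetical and the sample inputs are constructed; branches the post does not name are reported as unknown.

```shell
#!/bin/sh
# Added example (constructed): classify an upstream OpenSSL version string
# against the fixed releases 0.9.8zb, 1.0.0n and 1.0.1i named in the post.

# Letter suffix of the fixed release for each branch named in the advisory.
fixed_suffix() {
    case "$1" in
        0.9.8) echo zb ;;
        1.0.0) echo n ;;
        1.0.1) echo i ;;
        *) return 1 ;;   # branch not listed on this page
    esac
}

# True if letter suffix $1 is older than $2. OpenSSL letters run
# "" < a < ... < z < za < zb, so compare length first, then byte order.
suffix_lt() {
    if [ "${#1}" -ne "${#2}" ]; then
        [ "${#1}" -lt "${#2}" ]
    else
        [ "$(LC_ALL=C expr "x$1" \< "x$2")" = 1 ]
    fi
}

# Prints "vulnerable", "fixed" or "unknown" for a version such as 1.0.1h.
classify() {
    ver=$1
    suffix=${ver##*[0-9.]}        # trailing letters after the last digit or dot
    branch=${ver%"$suffix"}       # e.g. 1.0.1
    case "$suffix" in *[!a-z]*) echo unknown; return 0 ;; esac
    fixed=$(fixed_suffix "$branch") || { echo unknown; return 0; }
    if suffix_lt "$suffix" "$fixed"; then echo vulnerable; else echo fixed; fi
}

# Constructed sample inputs. On a real host use:
#   classify "$(openssl version | cut -d' ' -f2)"
for v in 0.9.8y 0.9.8za 0.9.8zb 1.0.0m 1.0.1h 1.0.1i 1.0.1e-2+deb7u12; do
    printf '%-18s %s\n' "$v" "$(classify "$v")"
done
```

Distribution packages often backport fixes without changing the upstream letter, so a package version string should be checked against the distribution's own advisory rather than this comparison.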
