From owner-freebsd-security@FreeBSD.ORG Thu Jun 5 18:43:22 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 24C68EF4 for ; Thu, 5 Jun 2014 18:43:22 +0000 (UTC) Received: from mx1.rsle.net (mx1.rsle.net [IPv6:2607:ff40:b0b::4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B71A32D66 for ; Thu, 5 Jun 2014 18:43:21 +0000 (UTC) Received: from prometheus.rsle.net (UNKNOWN [206.162.203.14] (may be forged)) (authenticated bits=0) by mx1.rsle.net (8.14.7/8.14.7) with ESMTP id s55IhGTg012939 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Thu, 5 Jun 2014 14:43:16 -0400 (EDT) (envelope-from freebsd-security@rsle.net) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.98.3 at antivirus.rsle.net Message-ID: <5390BA3F.5060202@rsle.net> Date: Thu, 05 Jun 2014 14:43:11 -0400 From: "R. Scott Evans" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl References: <201406051316.s55DGtwI041948@freefall.freebsd.org> In-Reply-To: <201406051316.s55DGtwI041948@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (mx1.rsle.net [206.162.201.2]); Thu, 05 Jun 2014 14:43:16 -0400 (EDT) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2014 18:43:22 -0000 After updating via the binary patch method with freebsd-update, uname still reports 9.2-RELEASE-p7 even after reboot. An additional freebsd-update after this initial update however does not report anything new to update (aside from the ongoing persistent /boot/kernel/linker.hints). Same result on 3 amd64 systems so far. -scott On 06/05/14 09:16, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-14:14.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL multiple vulnerabilities > > Category: contrib > Module: openssl > Announced: 2014-06-05 > Affects: All supported versions of FreeBSD. > Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE) > 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5) > 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1) > 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2) > 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8) > 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15) > 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE) > 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12) > CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) > and Transport Layer Security (TLS v1) protocols as well as a full-strength > general purpose cryptography library. > > II. Problem Description > > Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can > lead to a buffer overrun. [CVE-2014-0195] > > Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the > code to unnecessary recurse. [CVE-2014-0221] > > Carefully crafted handshake can force the use of weak keying material in > OpenSSL SSL/TLS clients and servers. [CVE-2014-0224] > > Carefully crafted packets can lead to a NULL pointer deference in OpenSSL > TLS client code if anonymous ECDH ciphersuites are enabled. [CVE-2014-3470] > > III. Impact > > A remote attacker may be able to run arbitrary code on a vulnerable client > or server by sending invalid DTLS fragments to an OpenSSL DTLS client or > server. [CVE-2014-0195] > > A remote attacker who can send an invalid DTLS handshake to an OpenSSL DTLS > client can crash the remote OpenSSL DTLS client. [CVE-2014-0221] > > A remote attacker who can send a carefully crafted handshake can force the > use of weak keying material between a vulnerable client and a vulnerable > server and decrypt and/or modify traffic from the attacked client and > server in a man-in-the-middle (MITM) attack. [CVE-2014-0224] > > A remote attacker who can send carefully crafted packets can cause OpenSSL > TLS client to crash. [CVE-2014-3470] > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 10.0] > # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch > # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc > # gpg --verify openssl-10.patch.asc > > [FreeBSD 9.x and 8.x] > # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch > # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc > # gpg --verify openssl-9.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in . > > Restart all deamons using the library, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/8/ r267103 > releng/8.4/ r267104 > stable/9/ r267106 > releng/9.1/ r267104 > releng/9.2/ r267104 > stable/10/ r267103 > releng/10.0/ r267104 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > > > VII. References > > > > > > > > > > > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (FreeBSD) > > iQIcBAEBCgAGBQJTkGuTAAoJEO1n7NZdz2rnomEP/AzIur2b4KXcOJnPSq+Fgz2E > ThZnGpYaWGQXkBnPcARtLUN+98UQkdcVOpDXExdTP/mz+fRH5P14qBCwgFXfMX1a > Ins6M696pAyBE+SHjFMwX/pSA402Y2LFcfUgq1f9oBKPM77+X/9J4z4NPXB72qTp > ULLTBVtHiqwlcO6bD+YlpE5AfvoKoUI0MmmkuA4R1zmY/JBgDqN68oiTn7KwRp5m > v44uVuGF+gGMMkN5oZmXqn89+CbRjDkyk9gvHhe1VXZLfZi6GDlayNMpuBdj9laU > 3jpMMqwXGF45j524Ai03U/lAzO7Fn1Zl87dlElPk1BMaVmG8uGFipiULPQqsyUC9 > rchzXxtDM7VVA/p7G3Vn6RHbOPeNCxhuFonq1WxVBrXImIw23PRWDlYx+Kve5trH > gJvztI6CkD0f6NOf7HM7LYU1slvGFykFhoGeurxFVfKT2YlulL6HcRx4QPFE33c1 > W57wPHUvZ2w8hO0OU1zX1pz1qE6je+DoSTq7bob5ExXmDWCu2LElmKXW67N2tGYq > kNetRkTR9qwDlmexrcyAVgR45a/9oe/p9taTgm2/8ITzaHjexYcGn/tL7Mc9pYCa > Dj9FP0D52foKj3PjVfSZc/8kgJklKhtugDvbK74MmruA6vUELRrY84O2kfpgAzLj > KfE2eBuieG9+Pdpk011t > =/CUF > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >