From owner-freebsd-security@freebsd.org Thu Feb 23 07:39:49 2017
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-17:02.openssl
Reply-To: freebsd-security@freebsd.org
Message-Id: <20170223073948.D50555169@freefall.freebsd.org>
Date: Thu, 23 Feb 2017 07:39:48 +0000 (UTC)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:02.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2017-02-23
Affects:        All supported versions of FreeBSD.
Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
                2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
                2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)
CVE Name:       CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II.  Problem Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. [CVE-2017-3731]

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. [CVE-2017-3732]

Montgomery multiplication may produce incorrect results. [CVE-2016-7055]

III. Impact

A remote attacker may trigger a crash on servers or clients that supported RC4-MD5. [CVE-2017-3731]

A remote attacker may be able to deduce information about a private key, but that would require an enormous amount of resources. [CVE-2017-3732, CVE-2016-7055]

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 11.0]
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc
# gpg --verify openssl-11.patch.asc

[FreeBSD 10.3]
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch
# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r312863
releng/10.3/                                                      r314125
stable/11/                                                        r312826
releng/11.0/                                                      r314126
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.18 (FreeBSD)
-----END PGP SIGNATURE-----

From owner-freebsd-security@freebsd.org Thu Feb 23 11:17:17 2017
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-17:02.openssl
To: freebsd-security@freebsd.org
References: <20170223073948.D50555169@freefall.freebsd.org>
From: Andrea Venturoli
Date: Thu, 23 Feb 2017 12:11:05 +0100
In-Reply-To: <20170223073948.D50555169@freefall.freebsd.org>

On 02/23/17 08:39, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-SA-17:02.openssl                                    Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          OpenSSL multiple vulnerabilities
>
> Category:       contrib
> Module:         openssl
> Announced:      2017-02-23
> Affects:        All supported versions of FreeBSD.
> Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
>                 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
>                 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
>                 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)

Is this a typo?

10.3-RELEASE-p16 was out on 20170111 (for FreeBSD-SA-17:01).

Should read p17, shouldn't it?

 bye & Thanks
	av.

From owner-freebsd-security@freebsd.org Thu Feb 23 20:24:45 2017
From: Remko Lodder
Message-Id: <5DBBB150-3065-4B4A-9788-5B6F626D3F7A@FreeBSD.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-17:02.openssl
Date: Thu, 23 Feb 2017 21:24:08 +0100
Cc: freebsd-security@freebsd.org
To: Andrea Venturoli
References: <20170223073948.D50555169@freefall.freebsd.org>

> On 23 Feb 2017, at 12:11, Andrea Venturoli wrote:
>
> On 02/23/17 08:39, FreeBSD Security Advisories wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> =============================================================================
>> FreeBSD-SA-17:02.openssl                                    Security Advisory
>>                                                           The FreeBSD Project
>>
>> Topic:          OpenSSL multiple vulnerabilities
>>
>> Category:       contrib
>> Module:         openssl
>> Announced:      2017-02-23
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
>>                 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
>>                 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
>>                 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)
>
> Is this a typo?
>
> 10.3-RELEASE-p16 was out on 20170111 (for FreeBSD-SA-17:01).
>
> Should read p17, shouldn't it?
>
> bye & Thanks
> av.

Hi Andrea,

Yes our apologies. We will fix this later today in a new revision.

Thanks and cheers
Remko
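
Added example, not part of the advisory or of any message in this thread: a POSIX sh check that classifies a FreeBSD userland version string against the RELEASE patch levels carrying the SA-17:02 fix, which shows why the p16/p17 correction discussed above matters to anyone auditing hosts. The function name sa1702_status is hypothetical, and the fixed level for 10.3 is taken as p17, as agreed in the replies above.

```shell
#!/bin/sh
# Fixed levels used here:
#   11.0-RELEASE-p8   (from the advisory)
#   10.3-RELEASE-p17  (assumption taken from the thread; the advisory text
#                      as first sent printed p16)

# sa1702_status VERSION
# Prints "patched", "vulnerable" or "unknown" for a string such as
# "10.3-RELEASE-p16". On a host the string would come from
# `freebsd-version -u`, since OpenSSL lives in the userland.
sa1702_status() {
    ver=$1
    case $ver in
        *-RELEASE|*-RELEASE-p*) ;;
        # STABLE branches are identified by correction date in the
        # advisory, not by patch level, so they cannot be judged here.
        *) echo unknown; return 0 ;;
    esac
    release=${ver%%-*}                 # "10.3-RELEASE-p16" -> "10.3"
    case $ver in
        *-RELEASE-p*) plevel=${ver##*-p} ;;   # -> "16"
        *)            plevel=0 ;;             # plain -RELEASE: no patches
    esac
    # Refuse anything that is not a plain number (for example "p8a").
    case $plevel in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $release in
        11.0) fixed=8 ;;
        10.3) fixed=17 ;;
        *)    echo unknown; return 0 ;;   # release not listed in the advisory
    esac
    if [ "$plevel" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}
```

With the level printed in the original advisory (p16), a 10.3 host still at p16 would have been reported as patched; with the corrected level it is reported as vulnerable.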