From owner-freebsd-announce@FreeBSD.ORG  Thu May  3 16:01:16 2012
Return-Path: <owner-freebsd-announce@FreeBSD.ORG>
Delivered-To: freebsd-announce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3839E1065678;
	Thu,  3 May 2012 16:01:16 +0000 (UTC)
	(envelope-from security-advisories@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 1E34E8FC14;
	Thu,  3 May 2012 16:01:16 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q43G1GhV070191;
	Thu, 3 May 2012 16:01:16 GMT
	(envelope-from security-advisories@freebsd.org)
Received: (from bz@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q43G1FSu070184;
	Thu, 3 May 2012 16:01:15 GMT
	(envelope-from security-advisories@freebsd.org)
Date: Thu, 3 May 2012 16:01:15 GMT
Message-Id: <201205031601.q43G1FSu070184@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: bz set sender to
	security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Precedence: bulk
Cc: 
Subject: [FreeBSD-Announce] FreeBSD Security Advisory
	FreeBSD-SA-12:01.openssl
X-BeenThere: freebsd-announce@freebsd.org
X-Mailman-Version: 2.1.5
Reply-To: freebsd-security@freebsd.org
List-Id: "Project Announcements \[moderated\]" <freebsd-announce.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>, 
	<mailto:freebsd-announce-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-announce>
List-Post: <mailto:freebsd-announce@freebsd.org>
List-Help: <mailto:freebsd-announce-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>, 
	<mailto:freebsd-announce-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2012 16:01:16 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:01.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2012-05-03
Credits:        Adam Langley, George Kadianakis, Ben Laurie,
                Ivan Nestlerode, Tavis Ormandy
Affects:        All supported versions of FreeBSD.
Corrected:      2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE)
                2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7)
                2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE)
                2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1)
                2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7)
                2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9)
                2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE)
                2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1)
CVE Name:       CVE-2011-4576, CVE-2011-4619, CVE-2011-4109,
                CVE-2012-0884, CVE-2012-2110

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II.  Problem Description

OpenSSL failes to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accept SSL 3.0
handshakes.  As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer.  This could include
sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptograpy (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data.  This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]

III. Impact

Sensitive contents of the previously freed memory can be exposed
when communicating with a SSL 3.0 peer.  However, FreeBSD OpenSSL
version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and
therefore have a single write buffer per connection.  That write buffer
is partially filled with non-sensitive, handshake data at the beginning
of the connection and, thereafter, only records which are longer than
any previously sent record leak any non-encrypted data.  This, combined
with the small number of bytes leaked per record, serves to limit to
severity of this issue. [CVE-2011-4576]

Denial of service can be caused in the OpenSSL server application
supporting server gated cryptograpy by performing multiple handshake
restarts. [CVE-2011-4619]

The double-free, when an application performs X509 certificate policy
checking, can lead to denial of service in that application.
[CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can lead to a successful
Bleichenbacher attack.  Only users of PKCS #7 decryption operations are
affected.  A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will not be
willing to process this many messages.  SSL/TLS applications are not
affected. [CVE-2012-0884]

The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead
to a potentially exploitable attack via buffer overflow.  The SSL/TLS
code in OpenSSL is not affected by this issue, nor are applications
using the memory based ASN.1 functions.  There are no applications in
FreeBSD base system affected by this issue, though some 3rd party
consumers of these functions might be vulnerable when processing
untrusted ASN.1 data.  [CVE-2012-2110]

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4, 8.3,
8.2, 8.1, and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system as described in
<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
system.

NOTE: Any third-party applications, including those installed from the
FreeBSD ports collection, which are statically linked to libcrypto(3)
should be recompiled in order to use the corrected code.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or
9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                           Revision
  Path
- - -------------------------------------------------------------------------
RELENG_7
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                 1.1.1.13.2.2
  src/crypto/openssl/crypto/mem.c                             1.1.1.8.2.2
  src/crypto/openssl/crypto/x509v3/pcy_map.c                  1.1.1.1.2.2
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.1.1.2.2.2
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                   1.1.1.3.2.1
  src/crypto/openssl/crypto/buffer/buffer.c                   1.1.1.4.2.2
  src/crypto/openssl/ssl/ssl_err.c                           1.1.1.11.2.3
  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.7
  src/crypto/openssl/ssl/ssl.h                               1.1.1.16.2.3
  src/crypto/openssl/ssl/s3_enc.c                            1.1.1.13.2.2
  src/crypto/openssl/ssl/ssl3.h                               1.1.1.6.2.2
RELENG_7_4
  src/UPDATING                                             1.507.2.36.2.9
  src/sys/conf/newvers.sh                                  1.72.2.18.2.12
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c             1.1.1.13.2.1.2.1
  src/crypto/openssl/crypto/mem.c                         1.1.1.8.2.1.2.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c              1.1.1.1.2.1.2.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c             1.1.1.2.2.1.2.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.20.1
  src/crypto/openssl/crypto/buffer/buffer.c               1.1.1.4.2.1.2.1
  src/crypto/openssl/ssl/ssl_err.c                       1.1.1.11.2.2.2.1
  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.17.2.5.2.1
  src/crypto/openssl/ssl/ssl.h                           1.1.1.16.2.2.2.1
  src/crypto/openssl/ssl/s3_enc.c                        1.1.1.13.2.1.2.1
  src/crypto/openssl/ssl/ssl3.h                           1.1.1.6.2.1.2.1
RELENG_8
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.10.2
  src/crypto/openssl/crypto/mem.c                                 1.2.2.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.2.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.2.2.2
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.10.1
  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.2.1
  src/crypto/openssl/ssl/ssl_err.c                                1.2.2.2
  src/crypto/openssl/ssl/s3_srvr.c                                1.3.2.5
  src/crypto/openssl/ssl/ssl.h                                    1.2.2.2
  src/crypto/openssl/ssl/s3_enc.c                                 1.2.2.2
  src/crypto/openssl/ssl/ssl3.h                                   1.2.2.2
RELENG_8_3
  src/UPDATING                                             1.632.2.26.2.3
  src/sys/conf/newvers.sh                                   1.83.2.15.2.5
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.4.1
  src/crypto/openssl/crypto/mem.c                                1.2.14.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.14.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.6.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.26.1
  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.14.1
  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.6.1
  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.4.2.1
  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.6.1
  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.4.1
  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.6.1
RELENG_8_2
  src/UPDATING                                             1.632.2.19.2.9
  src/sys/conf/newvers.sh                                  1.83.2.12.2.12
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.2.1
  src/crypto/openssl/crypto/mem.c                                 1.2.8.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.8.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.4.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.18.1
  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.8.1
  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.4.1
  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.3.2.1
  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.4.1
  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.2.1
  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.4.1
RELENG_8_1
  src/UPDATING                                            1.632.2.14.2.12
  src/sys/conf/newvers.sh                                  1.83.2.10.2.13
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.16.1
  src/crypto/openssl/crypto/mem.c                                 1.2.6.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.6.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.2.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.16.1
  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.6.1
  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.2.1
  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.2.2.1
  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.2.1
  src/crypto/openssl/ssl/s3_enc.c                                 1.2.6.1
  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.2.1
RELENG_9
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.2.1
  src/crypto/openssl/crypto/mem.c                                1.2.10.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.10.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.2.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.22.1
  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.10.1
  src/crypto/openssl/ssl/ssl_err.c                                1.3.2.1
  src/crypto/openssl/ssl/s3_srvr.c                                1.7.2.1
  src/crypto/openssl/ssl/ssl.h                                    1.3.2.1
  src/crypto/openssl/ssl/s3_enc.c                                 1.3.2.1
  src/crypto/openssl/ssl/ssl3.h                                   1.3.2.1
RELENG_9_0
  src/UPDATING                                              1.702.2.4.2.3
  src/sys/conf/newvers.sh                                    1.95.2.4.2.5
  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.4.1
  src/crypto/openssl/crypto/mem.c                                1.2.12.1
  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.12.1
  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.4.1
  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.24.1
  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.12.1
  src/crypto/openssl/ssl/ssl_err.c                                1.3.4.1
  src/crypto/openssl/ssl/s3_srvr.c                                1.7.4.1
  src/crypto/openssl/ssl/ssl.h                                    1.3.4.1
  src/crypto/openssl/ssl/s3_enc.c                                 1.3.4.1
  src/crypto/openssl/ssl/ssl3.h                                   1.3.4.1
- - -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- - -------------------------------------------------------------------------
stable/7/                                                         r234954
releng/7.4/                                                       r234954
stable/8/                                                         r234954
releng/8.3/                                                       r234954
releng/8.2/                                                       r234954
releng/8.1/                                                       r234954
stable/9/                                                         r234954
releng/9.0/                                                       r234954
- - -------------------------------------------------------------------------

VII. References

http://www.openssl.org/news/secadv_20120419.txt
http://www.openssl.org/news/secadv_20120312.txt
http://www.openssl.org/news/secadv_20120104.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://lists.openwall.net/full-disclosure/2012/04/19/4

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:01.openssl.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)

iEYEARECAAYFAk+ipzUACgkQFdaIBMps37I7pACeI7zZ21vj+6AVz5+15OP4foXm
N1IAn2rMThkptUz62e0QDCv3tJKW6N9i
=ko2h
-----END PGP SIGNATURE-----