From owner-freebsd-security@freebsd.org Mon Nov 30 19:32:25 2015
Date: Mon, 30 Nov 2015 19:23:48 +0000
From: Brooks Davis
To: Aaron Zauner
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty, Benjamin Kaduk
Subject: Re: OpenSSH HPN
Message-ID: <20151130192348.GD81246@spindle.one-eyed-alien.net>
In-Reply-To: <20151124212613.4ff9b25ea0@80601bfc61c7744>
References: <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <86egfu9z0j.fsf@desk.des.no> <20151124212613.4ff9b25ea0@80601bfc61c7744>
User-Agent: Mutt/1.5.24 (2015-08-30)
On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
> Hi,
>
> Please forgive my ignorance but what's the reason FreeBSD ships
> OpenSSH patched with HPN by default? Besides my passion for
> security, I've been working in the HPC sector for a while and
> benchmarked the patch for a customer about 1.5 years ago. The
> CTR-multi threading patch is actually *slower* than upstream OpenSSH
> with AES in CTR mode. GCM being, of course, the fastest mode on
> AESNI platforms.

We never imported the AES bits as they were broken and AESNI was
available.

> The NULL mode is a security concern as some have noted, I can only
> imagine that the window-scaling patch is of such importance?

Both NULL and window-scaling were merged because both are useful in some
environments.

-- Brooks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJWXKJDAAoJEKzQXbSebgfASrgH/1p/MkvhO0k28KFPB9wE0eKG
MwNfbV7LzVJNR7ZZPUZHbvuR4OS1XR497q9yHBEmcpwEDCMqPZazHrSsaam9z46N
e1sUcbLzPE1qeWIiHZX4cDddTQZMDkK53Wb368doSPF04SO+FseJWBZi0N0UEcjI
RdRXtGkqH4pjvUc9g7HgKrhGQuL8qTpym9QGkfqTla3JrOHYK92DqNU2VNQnDX5T
/N3OsD9BprvoQo+rrjwMc0znODGpBFFaxY8LxyCNJFb8k4S69yhrSufoad3/sTFj
Q+tPhl01pNKRBxfN0O5Zz1hrx1U36A5OcpNfhcImnK5nI8RfXvqP8cFzdqkgASc=
=uiPE
-----END PGP SIGNATURE-----

From owner-freebsd-security@freebsd.org Tue Dec 1 04:34:11 2015
Date: Tue, 1 Dec 2015 12:33:58 +0800
From: Julian Elischer
To: Brooks Davis, Aaron Zauner
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty, Benjamin Kaduk
Subject: Re: OpenSSH HPN
Message-ID: <565D2336.60505@freebsd.org>
In-Reply-To: <20151130192348.GD81246@spindle.one-eyed-alien.net>
References: <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <86egfu9z0j.fsf@desk.des.no> <20151124212613.4ff9b25ea0@80601bfc61c7744> <20151130192348.GD81246@spindle.one-eyed-alien.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

On 1/12/2015 3:23 AM, Brooks Davis wrote:
> On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote:
>> Hi,
>>
>> Please forgive my ignorance but what's the reason FreeBSD ships
>> OpenSSH patched with HPN by default? Besides my passion for
>> security, I've been working in the HPC sector for a while and
>> benchmarked the patch for a customer about 1.5 years ago.
>> The CTR-multi threading patch is actually *slower* than upstream OpenSSH
>> with AES in CTR mode. GCM being, of course, the fastest mode on
>> AESNI platforms.
> We never imported the AES bits as they were broken and AESNI was
> available.
>
>> The NULL mode is a security concern as some have noted, I can only
>> imagine that the window-scaling patch is of such importance?
> Both NULL and window-scaling were merged because both are useful in some
> environments.

Yeah, but NULL was just unmerged. Window scaling is also on the block, I think.

> -- Brooks

From owner-freebsd-security@freebsd.org Sat Dec 5 10:16:48 2015
Date: Sat, 5 Dec 2015 10:16:48 +0000 (UTC)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-15:26.openssl
Reply-To: freebsd-security@freebsd.org
Message-Id: <20151205101648.6DA8E1C7E@freefall.freebsd.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:26.openssl                                    Security Advisory
                                                          The FreeBSD Project
Topic:          Multiple OpenSSL vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2015-12-05
Affects:        All supported versions of FreeBSD.
Corrected:      2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE)
                2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8)
                2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25)
                2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE)
                2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31)
CVE Name:       CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II.  Problem Description

The signature verification routines will crash with a NULL pointer
dereference if presented with an ASN.1 signature using the RSA PSS
algorithm and absent mask generation function parameter. [CVE-2015-3194]

When presented with a malformed X509_ATTRIBUTE structure, OpenSSL will
leak memory. [CVE-2015-3195]

If PSK identity hints are received by a multi-threaded client then the
values are incorrectly updated in the parent SSL_CTX structure.
[CVE-2015-3196]

III. Impact

A remote attacker who can present a specifically crafted certificate may
cause an OpenSSL client or server application that performs certificate
signature verification to crash with a NULL pointer dereference, resulting
in a Denial of Service. [CVE-2015-3194]  This affects FreeBSD 10.x only.

An attacker who is able to feed specifically crafted PKCS#7/CMS data to an
OpenSSL application can cause a memory leak which may eventually result in
a Denial of Service.
[CVE-2015-3195]

A remote attacker who can send PSK identity hints to a multi-threaded
client may trigger a double free of the hint data, which may crash the
client application. [CVE-2015-3196]  This affects FreeBSD 10.1 only.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Reboot is optional but recommended.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Reboot is optional but recommended.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc

[FreeBSD 10.2]
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch
# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc
# gpg --verify openssl-10.2.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons using the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/9/                                                         r291722
releng/9.3/                                                       r291854
stable/10/                                                        r291721
releng/10.1/                                                      r291854
releng/10.2/                                                      r291854
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.8 (FreeBSD)

iQIcBAEBCgAGBQJWYrWXAAoJEO1n7NZdz2rnLS8QAJvvKkFk/l4lvh34dmy9rGU5
pEoeR47Mw9KGirjARBwuOerqykBO+2vUPAnOFUMcQTuG4V23s9u2v9T8dO70feu8
o6eTtYrOyliECEywoGmuKmTVjtpGnXTg5BeAuG6i/C2XphEB+6Qq7eCz64n8TZQN
NB9emfqE6p0/ndxf3oyrcgw6gLgawmfBH4cWGa07Vd9X2XVc6sPjODDoXmXS8uj3
xtPNFy7L48YfMAhd6l55hO9qxqTY5Pq8EkvZVWPlCYSET+4FBwIIU6Nwpzgpr8bd
viTHhwk/pf5wk1rMZzQVbrriQ7vAW4TG6oVsbTHLLC/prNzmTvW2KPqXyWWscRHS
2HWQ1at/b0brA+0rnzEVMQk/nH2031AuXy8o1gizNJoLItuS9Lp7P6xOPaogqss5
J1wmaEkWRSItCGlCIJAxiw1dqbk5tH8Isy1Axno7doTKloeLFanhdPoJP5BexLuo
Vbl7A92xQVJLJKLoklVy3QaiKmcbJ/tdgSeI7e3gP8MDkblvSd6UIvHQfUigrA5B
JXYQWQgsHpc3tIGaDsbnrkV27O0yUXNipnj8PAEgaknXX5n6Zpyz9Z9Vitfnj1tC
1LAGo/kW8+L1hAX3W5XgsIOe9jWxae19uTGOoaM8tnVtH5bQpjjdWFE2zunzzfJe
bCPjBJfZw5z5rvQAkBuY
=p0x+
-----END PGP SIGNATURE-----
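The CVE-2015-3194 description in section II turns on one ASN.1 detail: every field of RSASSA-PSS-params (RFC 4055, section 3.1) is OPTIONAL with a DEFAULT, and DER forbids encoding a field that equals its default, so a signature with no maskGenAlgorithm [1] is a valid encoding that means MGF1 with SHA-1, not a missing object. The decoder below is an added example written for this page, not OpenSSL's or FreeBSD's code; the OIDs are the standard ones and the DER byte strings at the bottom were constructed by hand for the example, including one malformed [1] field that must be rejected rather than dereferenced.

```python
"""Decode RSASSA-PSS-params (RFC 4055, 3.1) from DER, applying DEFAULTs.
Added example, not OpenSSL or FreeBSD code.  DER forbids encoding a field
that equals its DEFAULT, so an absent maskGenAlgorithm [1] is the normal,
valid encoding of MGF1-with-SHA-1, not a missing object to dereference
(the condition behind CVE-2015-3194).  Samples are constructed by hand.
"""

OID_SHA1 = "1.3.14.3.2.26"
OID_SHA256 = "2.16.840.1.101.3.4.2.1"
OID_MGF1 = "1.2.840.113549.1.1.8"

PSS_DEFAULTS = {                      # RFC 4055 section 3.1 defaults
    "hashAlgorithm": OID_SHA1,
    "maskGenAlgorithm": (OID_MGF1, OID_SHA1),
    "saltLength": 20,
    "trailerField": 1,                # trailer octet 0xBC
}

def _read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the DER TLV at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:                             # long form, up to two length octets
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 2 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER contents run past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """OBJECT IDENTIFIER contents octets -> dotted-decimal string."""
    if not contents:
        raise ValueError("empty OID")
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:            # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    if acc:
        raise ValueError("unterminated OID arc")
    return ".".join(str(a) for a in arcs)

def _decode_alg_id(der):
    """AlgorithmIdentifier -> (dotted OID, raw parameters or None)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("AlgorithmIdentifier must be exactly one SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must begin with an OID")
    return _decode_oid(oid), (body[pos:] if pos < len(body) else None)

def _decode_uint(der, name):
    tag, val, end = _read_tlv(der, 0)
    if tag != 0x02 or end != len(der) or not val or val[0] & 0x80:
        raise ValueError("%s must be a single non-negative INTEGER" % name)
    return int.from_bytes(val, "big")

def decode_pss_params(der):
    """Parse RSASSA-PSS-params; the result always has all four fields."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("RSASSA-PSS-params must be exactly one SEQUENCE")
    params, pos, last = dict(PSS_DEFAULTS), 0, -1
    while pos < len(body):
        tag, inner, pos = _read_tlv(body, pos)
        if (tag & 0xE0) != 0xA0:      # EXPLICIT context-specific tag [n]
            raise ValueError("expected an EXPLICIT [n] tag, got 0x%02x" % tag)
        ctx = tag & 0x1F
        if ctx <= last:               # DER: fields in order, none repeated
            raise ValueError("PSS field [%d] out of order or duplicated" % ctx)
        last = ctx
        if ctx == 0:
            params["hashAlgorithm"] = _decode_alg_id(inner)[0]
        elif ctx == 1:
            oid, mgf_params = _decode_alg_id(inner)
            if oid != OID_MGF1 or mgf_params is None:
                raise ValueError("maskGenAlgorithm must be MGF1 with a hash")
            params["maskGenAlgorithm"] = (oid, _decode_alg_id(mgf_params)[0])
        elif ctx == 2:
            params["saltLength"] = _decode_uint(inner, "saltLength")
        elif ctx == 3 and _decode_uint(inner, "trailerField") != 1:
            raise ValueError("only trailerField 1 (0xBC) is defined")
        elif ctx > 3:
            raise ValueError("unknown PSS field [%d]" % ctx)
    return params

# Constructed samples: SHA-256 hash, MGF1 with SHA-256, 32-byte salt.
_SHA256_ALG = "300d06096086480165030402010500"
_MGF1_SHA256 = "301a06092a864886f70d010108" + _SHA256_ALG
PSS_FULL = bytes.fromhex("3034a00f" + _SHA256_ALG + "a11c" + _MGF1_SHA256 + "a203020120")
PSS_NO_MGF = bytes.fromhex("3016a00f" + _SHA256_ALG + "a203020120")  # [1] absent
PSS_MGF1_NO_HASH = bytes.fromhex("300fa10d300b06092a864886f70d010108")  # malformed [1]
```

PSS_NO_MGF decodes to SHA-256 with the default MGF1-SHA-1 and a 32-byte salt; an empty SEQUENCE (`30 00`) decodes to all four defaults; and PSS_MGF1_NO_HASH, whose [1] field names MGF1 but carries no hash parameter, is rejected with ValueError. The parser only accepts the four defined fields in DER order, so a second [1] field or an unknown [4] field is also rejected instead of silently overriding an earlier value.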
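After running one of the section V procedures, the practical question is whether the installed userland has reached the patch level in the Corrected list above. The script below is an added example and not part of the advisory: it encodes the three releng patch levels from the Corrected list and applies them to a version string such as freebsd-version -u prints. It assumes freebsd-version(1) is available (FreeBSD 10.0 and later) and uses constructed version strings in its demonstration. Two caveats it builds in: libcrypto is userland, so freebsd-version -u is the relevant reading (after a userland-only update freebsd-version -k still reports the old kernel patch level), and a -STABLE or -CURRENT string carries no patch level, so for those the build date from uname -v has to be compared with the branch correction times instead.

```python
"""Compare a FreeBSD userland version string with the patch levels that
FreeBSD-SA-15:26.openssl lists as corrected for each release branch.

Added example, not part of the advisory.  The FIXED_PATCH_LEVEL table is
taken from the advisory's Corrected list; the sample strings in __main__
are constructed for the example.
"""
import re
import subprocess

# First patch level of each supported release branch that carries the fix.
FIXED_PATCH_LEVEL = {
    "9.3-RELEASE": 31,
    "10.1-RELEASE": 25,
    "10.2-RELEASE": 8,
}

_VERSION_RE = re.compile(
    r"^(\d+\.\d+)-(RELEASE|STABLE|CURRENT|BETA\d*|RC\d*)(?:-p(\d+))?$")


def parse_version(text):
    """'10.2-RELEASE-p8' -> ('10.2-RELEASE', 8); patch level 0 when absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised FreeBSD version string: %r" % text)
    patch = int(m.group(3)) if m.group(3) else 0
    return "%s-%s" % (m.group(1), m.group(2)), patch


def sa_15_26_status(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string.

    'unknown' means the string alone cannot decide: -STABLE and -CURRENT
    builds carry no patch level (compare the build date from uname -v with
    the advisory's per-branch correction times), and branches the advisory
    does not list are unsupported and received no correction.
    """
    branch, patch = parse_version(text)
    if branch not in FIXED_PATCH_LEVEL:
        return "unknown"
    return "fixed" if patch >= FIXED_PATCH_LEVEL[branch] else "vulnerable"


def check_local_userland():
    """Run freebsd-version -u on this host (the userland, not the kernel)."""
    out = subprocess.check_output(["freebsd-version", "-u"], text=True)
    return out.strip(), sa_15_26_status(out)


if __name__ == "__main__":
    # Constructed inputs in the form freebsd-version -u prints them.
    for sample in ("10.2-RELEASE-p7", "10.2-RELEASE-p8", "10.1-RELEASE-p25",
                   "9.3-RELEASE-p30", "10.2-STABLE", "10.0-RELEASE-p24"):
        print("%-18s %s" % (sample, sa_15_26_status(sample)))
```

On a live host, `check_local_userland()` does the same for the real value; the comparison is deliberately per branch rather than a plain string compare, because 9.3-RELEASE-p31 and 10.2-RELEASE-p8 are both "fixed" even though p8 is the smaller number.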