From owner-freebsd-security@FreeBSD.ORG Wed Apr 30 05:36:11 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7BA26D60 for ; Wed, 30 Apr 2014 05:36:11 +0000 (UTC) Received: from fate.ctgameinfo.com (ns1.ctgameinfo.com [184.172.20.152]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 51B7F1FAB for ; Wed, 30 Apr 2014 05:36:10 +0000 (UTC) Received: from [192.168.2.10] (S0106687f749dc87e.vs.shawcable.net [184.65.77.230]) by fate.ctgameinfo.com (Postfix) with ESMTPA id 380344513F for ; Tue, 29 Apr 2014 22:27:17 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.97.8 at spamass Message-ID: <536089BC.3060002@ctgameinfo.com> Date: Tue, 29 Apr 2014 22:27:24 -0700 From: Cstdenis User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:09.openssl References: <201404300435.s3U4ZA17093706@freefall.freebsd.org> In-Reply-To: <201404300435.s3U4ZA17093706@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Wed, 30 Apr 2014 11:24:14 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 05:36:11 -0000 Based on the CVE, it looks like older versions may also be vulnerable. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 On 4/29/2014 9:35 PM, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-14:09.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL use-after-free vulnerability > > Category: contrib > Module: openssl > Announced: 2014-04-30 > Affects: FreeBSD 10.x. > Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) > 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2) > CVE Name: CVE-2010-5298 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) > and Transport Layer Security (TLS v1) protocols as well as a full-strength > general purpose cryptography library. > > OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which > requests the library to release the memory it holds when a read or write buffer > is no longer needed for the context. > > II. Problem Description > > The buffer may be released before the library have finished using it. It is > possible that a different SSL connection in the same process would use the > released buffer and write data into it. > > III. Impact > > An attacker may be able to inject data to a different connection that they > should not be able to. > > IV. Workaround > > No workaround is available, but systems that do not use OpenSSL to implement > the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) > protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process > to handle multiple SSL connections, are not vulnerable. > > The FreeBSD base system service daemons and utilities do not use the > SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this > mode to reduce their memory footprint and may therefore be affected by this > issue. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc > # gpg --verify openssl.patch.asc > > Restart all deamons using the library, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/10/ r265122 > releng/10.0/ r265124 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > > > VII. References > > > > > > > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (FreeBSD) > > iQIcBAEBCgAGBQJTYHsHAAoJEO1n7NZdz2rn2EsP+wYlobS4EiYtgspXAFgKLha1 > 0aeA7UokUs21QRTV9tIiFD0Se5HwdmHdh94bRJMRFraU22QYbAelG5GPsZPdRCt4 > 0ECLKUBDK6ng2M7UNyKhkstsL0+wBq6y5dzKjpR49QX4Vh2zEUYw5BcC5vrIk+YK > Qazq8l1t5bl9ebm9rIDmd2uCv/Qe1MgnMlAczeH9HckfzMiH6NhnAuiYpP7K0mIL > By6gpSxsHPeQShgJN/5kJjVGkdQK1/A1q0KnNf5r/itQdSC96NazKpCCpkud6RMm > k9aPxI5As5Scl70zuCUDAS6vbNI3dvzCU46k8t65/FTeYQO2lxje0QZpqaDiB3+2 > tbN5kDviQdWHlJyygCeNK3jxdv0H3+zUZidjPuo158Zcbhb4ckTEZtMtgTn0fRoY > alG8qLn3hLj51fPHQK3Ff96xL+1DrhT+3D18OYIbjx7LKtsJJbnorB3jrbW68Ggr > h0bW+8yAm1jDFM4kPQw6gcrmtyjxNhnVRLoeoBPSIkmS9cm+12YcXufbSyLm/WqG > hkpPCrvUXibZmLi0CDlRMhLkjaOUhEXQsV3OR0gCmuFtN52gncyrIoPaxs79HZ1A > g2JxLp7b56B2XOyakEmNc+rqJJkzi+LV8HTp5DcrbXjAunYk9ipfxPakqXFDD6jV > L3ElC6aFDJ2UchtmjBRk > =Y+tE > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-announce@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"