From owner-freebsd-security@FreeBSD.ORG Wed Apr 30 12:58:56 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AD363282 for ; Wed, 30 Apr 2014 12:58:56 +0000 (UTC) Received: from chroot.pl (unknown [IPv6:2001:470:1f0b:3ba::3]) by mx1.freebsd.org (Postfix) with ESMTP id 048431D36 for ; Wed, 30 Apr 2014 12:58:56 +0000 (UTC) Message-ID: <5360F38B.3000205@chroot.pl> Date: Wed, 30 Apr 2014 14:58:51 +0200 From: Lukasz User-Agent: WebMail MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:09.openssl References: <201404300435.s3U4ZAga093727@freefall.freebsd.org> In-Reply-To: <201404300435.s3U4ZAga093727@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.98.1 at chroot.pl X-Virus-Status: Clean X-Spam-Status: No, score=-0.9 required=3.0 tests=ALL_TRUSTED,MISSING_MID autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on chroot.pl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 12:58:56 -0000 Hi! Is there something missing in this SA? 2) "b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in ." Regards. On 04/30/2014 06:35 AM, FreeBSD Security Advisories wrote: > ============================================================================= > FreeBSD-SA-14:09.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL use-after-free vulnerability > > Category: contrib > Module: openssl > Announced: 2014-04-30 > Affects: FreeBSD 10.x. > Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) > 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2) > CVE Name: CVE-2010-5298 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) > and Transport Layer Security (TLS v1) protocols as well as a full-strength > general purpose cryptography library. > > OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which > requests the library to release the memory it holds when a read or write buffer > is no longer needed for the context. > > II. Problem Description > > The buffer may be released before the library have finished using it. It is > possible that a different SSL connection in the same process would use the > released buffer and write data into it. > > III. Impact > > An attacker may be able to inject data to a different connection that they > should not be able to. > > IV. Workaround > > No workaround is available, but systems that do not use OpenSSL to implement > the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) > protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process > to handle multiple SSL connections, are not vulnerable. > > The FreeBSD base system service daemons and utilities do not use the > SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this > mode to reduce their memory footprint and may therefore be affected by this > issue. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc > # gpg --verify openssl.patch.asc > > Restart all deamons using the library, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > ------------------------------------------------------------------------- > stable/10/ r265122 > releng/10.0/ r265124 > ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > > > VII. References > > > > > > > > The latest revision of this advisory is available at > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >