Date: Wed, 29 Nov 2017 08:38:01 +0100 From: Franco Fichtner <franco@lastsummer.de> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-17:11.openssl Message-ID: <3855CF30-0FD4-4F8C-9349-3CA7BEE3E460@lastsummer.de> In-Reply-To: <20171129061559.38CB8C999@freefall.freebsd.org> References: <20171129061559.38CB8C999@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, releng/11.1 is missing the bump to p5 patch level in sys/conf/newvers.sh Cheers, Franco > On 29. Nov 2017, at 7:15 AM, FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > > Signed PGP part > ============================================================================= > FreeBSD-SA-17:11.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL multiple vulnerabilities > > Category: contrib > Module: openssl > Announced: 2017-11-29 > Affects: All supported versions of FreeBSD. > Corrected: 2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE) > 2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5) > 2017-11-29 05:59:12 UTC (releng/11.0, 11.0-RELEASE-p16) > 2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE) > 2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4) > 2017-11-29 05:59:50 UTC (releng/10.3, 10.3-RELEASE-p25) > CVE Name: CVE-2017-3735, CVE-2017-3736 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets > Layer (SSL) protocols. It is also a full-strength general purpose > cryptography library. > > II. Problem Description > > If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL > could do a one-byte buffer overread. [CVE-2017-3735] > > There is a carry propagating bug in the x86_64 Montgomery squaring procedure. > This only affects processors that support the BMI1, BMI2 and ADX extensions > like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736] > This bug only affects FreeBSD 11.x. > > III. Impact > > Application using OpenSSL may display erroneous certificate in text format. > [CVE-2017-3735] > > Mishandling of carry propagation will produce incorrect output, and make it > easier for a remote attacker to obtain sensitive private-key information. > No EC algorithms are affected, analysis suggests that attacks against RSA > and DSA as a result of this defect would be very difficult to perform and > are not believed likely. > > Attacks against DH are considered just feasible (although very difficult) > because most of the work necessary to deduce information about a private > key may be performed offline. The amount of resources required for such > an attack would be very significant and likely only accessible to a limited > number of attackers. An attacker would additionally need online access to > an unpatched system using the target private key in a scenario with > persistent DH parameters and a private key that is shared between multiple > clients. [CVE-2017-3736] > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > Restart all daemons that use the library, or reboot the system. > > 2) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > Restart all daemons that use the library, or reboot the system. > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 10.3] > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch.asc > # gpg --verify openssl-10.patch.asc > > [FreeBSD 11.x] > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch.asc > # gpg --verify openssl.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. > > Restart all daemons that use the library, or reboot the system. > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > ------------------------------------------------------------------------- > stable/10/ r326357 > releng/10.3/ r326359 > releng/10.4/ r326359 > stable/11/ r325337 > releng/11.0/ r326358 > releng/11.1/ r326358 > ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; > > VII. References > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>; > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>; > > <URL:https://www.openssl.org/news/secadv/20171102.txt>; > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc>; > > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3855CF30-0FD4-4F8C-9349-3CA7BEE3E460>