From owner-freebsd-security@freebsd.org Wed Nov 29 07:38:05 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9001DFBCA1 for ; Wed, 29 Nov 2017 07:38:05 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from host64.shmhost.net (host64.shmhost.net [213.239.241.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5B7F669A95 for ; Wed, 29 Nov 2017 07:38:04 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from [10.41.201.18] (fwext.boll.ch [194.191.86.3]) by host64.shmhost.net (Postfix) with ESMTPSA id 36A4616CFA1 for ; Wed, 29 Nov 2017 08:38:01 +0100 (CET) From: Franco Fichtner Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-17:11.openssl Date: Wed, 29 Nov 2017 08:38:01 +0100 References: <20171129061559.38CB8C999@freefall.freebsd.org> To: freebsd-security@freebsd.org In-Reply-To: <20171129061559.38CB8C999@freefall.freebsd.org> Message-Id: <3855CF30-0FD4-4F8C-9349-3CA7BEE3E460@lastsummer.de> X-Mailer: Apple Mail (2.3273) X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net X-Virus-Status: Clean X-Spam-Flag: NO X-Spam-Score: -1.0 X-Spam-Status: No score=-1.0 tagged_above=10.0 required=10.0 tests=[ALL_TRUSTED] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2017 07:38:05 -0000 Hi, releng/11.1 is missing the bump to p5 patch level in sys/conf/newvers.sh Cheers, Franco > On 29. Nov 2017, at 7:15 AM, FreeBSD Security Advisories = wrote: >=20 > Signed PGP part > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D > FreeBSD-SA-17:11.openssl Security = Advisory > The FreeBSD = Project >=20 > Topic: OpenSSL multiple vulnerabilities >=20 > Category: contrib > Module: openssl > Announced: 2017-11-29 > Affects: All supported versions of FreeBSD. > Corrected: 2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE) > 2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5) > 2017-11-29 05:59:12 UTC (releng/11.0, = 11.0-RELEASE-p16) > 2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE) > 2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4) > 2017-11-29 05:59:50 UTC (releng/10.3, = 10.3-RELEASE-p25) > CVE Name: CVE-2017-3735, CVE-2017-3736 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > FreeBSD includes software from the OpenSSL Project. The OpenSSL = Project is > a collaborative effort to develop a robust, commercial-grade, = full-featured > Open Source toolkit for the Transport Layer Security (TLS) and Secure = Sockets > Layer (SSL) protocols. It is also a full-strength general purpose > cryptography library. >=20 > II. Problem Description >=20 > If an X.509 certificate has a malformed IPAddressFamily extension, = OpenSSL > could do a one-byte buffer overread. [CVE-2017-3735] >=20 > There is a carry propagating bug in the x86_64 Montgomery squaring = procedure. > This only affects processors that support the BMI1, BMI2 and ADX = extensions > like Intel Broadwell (5th generation) and later or AMD Ryzen. = [CVE-2017-3736] > This bug only affects FreeBSD 11.x. >=20 > III. Impact >=20 > Application using OpenSSL may display erroneous certificate in text = format. > [CVE-2017-3735] >=20 > Mishandling of carry propagation will produce incorrect output, and = make it > easier for a remote attacker to obtain sensitive private-key = information. > No EC algorithms are affected, analysis suggests that attacks against = RSA > and DSA as a result of this defect would be very difficult to perform = and > are not believed likely. >=20 > Attacks against DH are considered just feasible (although very = difficult) > because most of the work necessary to deduce information about a = private > key may be performed offline. The amount of resources required for = such > an attack would be very significant and likely only accessible to a = limited > number of attackers. An attacker would additionally need online access = to > an unpatched system using the target private key in a scenario with > persistent DH parameters and a private key that is shared between = multiple > clients. [CVE-2017-3736] >=20 > IV. Workaround >=20 > No workaround is available. >=20 > V. Solution >=20 > Perform one of the following: >=20 > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. >=20 > Restart all daemons that use the library, or reboot the system. >=20 > 2) To update your vulnerable system via a binary patch: >=20 > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install >=20 > Restart all daemons that use the library, or reboot the system. >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 10.3] > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch > # fetch = https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch.asc > # gpg --verify openssl-10.patch.asc >=20 > [FreeBSD 11.x] > # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch > # fetch = https://security.FreeBSD.org/patches/SA-17:11/openssl.patch.asc > # gpg --verify openssl.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile the operating system using buildworld and installworld as > described in . >=20 > Restart all daemons that use the library, or reboot the system. >=20 > VI. Correction details >=20 > The following list contains the correction revision numbers for each > affected branch. >=20 > Branch/path = Revision > = ------------------------------------------------------------------------- > stable/10/ = r326357 > releng/10.3/ = r326359 > releng/10.4/ = r326359 > stable/11/ = r325337 > releng/11.0/ = r326358 > releng/11.1/ = r326358 > = ------------------------------------------------------------------------- >=20 > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: >=20 > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >=20 > Or visit the following URL, replacing NNNNNN with the revision number: >=20 > >=20 > VII. References >=20 > >=20 > >=20 > >=20 > The latest revision of this advisory is available at > = = >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org"