Security Information / 2016 / Security Information -- DSA-3500-1 openssl

Debian Security Advisory

DSA-3500-1 openssl -- security update

Date Reported:

01 Mar 2016

Affected Packages:

openssl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2842.

More information:

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

• CVE-2016-0702

  Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys.

• CVE-2016-0705

  Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources.

• CVE-2016-0797

  Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources.

• CVE-2016-0798

  Emilia Käsper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function.

• CVE-2016-0799, CVE-2016-2842

  Guido Vranken discovered an integer overflow in the BIO_*printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t)> sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_*printf functions.

Additionally the EXPORT and LOW ciphers were disabled since thay could be used as part of the DROWN (CVE-2016-0800) and SLOTH (CVE-2015-7575) attacks, but note that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u20.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u4.

For the unstable distribution (sid), these problems will be fixed shortly.

We recommend that you upgrade your openssl packages.