Bug 17292

Summary: openssl new security issues CVE-2015-319[3-5] and CVE-2015-1794
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/666889/
Whiteboard: has_procedure MGA5-64-OK advisory
Source RPM: openssl-1.0.2d-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-04 18:49:06 CET 
Upstream has issued an advisory on December 3:
http://openssl.org/news/secadv/20151203.txt

Debian has issued an advisory for this today (December 4):
https://www.debian.org/security/2015/dsa-3413

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openssl packages fix security vulnerability:

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with
the value of p set to 0 then a seg fault can occur leading to a possible
denial of service attack (CVE-2015-1794).

Loic Jonas Etienne of Qnective AG discovered that the signature verification
routines will crash with a NULL pointer dereference if presented with an
ASN.1 signature using the RSA PSS algorithm and absent mask generation
function parameter. A remote attacker can exploit this flaw to crash any
certificate verification operation and mount a denial of service attack
(CVE-2015-3194).

Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory
when presented with a malformed X509_ATTRIBUTE structure (CVE-2015-3195).

A race condition flaw in the handling of PSK identify hints was discovered,
potentially leading to a double free of the identify hint data
(CVE-2015-3196).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://openssl.org/news/secadv/20151203.txt
https://www.debian.org/security/2015/dsa-3413
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2e-1.mga5
libopenssl-engines1.0.0-1.0.2e-1.mga5
libopenssl1.0.0-1.0.2e-1.mga5
libopenssl-devel-1.0.2e-1.mga5
libopenssl-static-devel-1.0.2e-1.mga5

from openssl-1.0.2e-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-12-04 18:49:18 CET 
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Openssl

Whiteboard: (none) => has_procedure

Dave Hodgins 2015-12-05 03:37:17 CET

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 2 Mageia Robot 2015-12-05 11:05:12 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0466.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED