Bug 17292 - openssl new security issues CVE-2015-319[3-5] and CVE-2015-1794
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/666889/
Whiteboard: has_procedure MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-12-04 18:49 CET by David Walser
Modified: 2015-12-05 11:05 CET

See Also:
Source RPM: openssl-1.0.2d-1.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2015-12-04 18:49:06 CET
Upstream has issued an advisory on December 3:
http://openssl.org/news/secadv/20151203.txt

Debian has issued an advisory for this today (December 4):
https://www.debian.org/security/2015/dsa-3413

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openssl packages fix security vulnerability:

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with
the value of p set to 0 then a seg fault can occur leading to a possible
denial of service attack (CVE-2015-1794).

Loic Jonas Etienne of Qnective AG discovered that the signature verification
routines will crash with a NULL pointer dereference if presented with an
ASN.1 signature using the RSA PSS algorithm and absent mask generation
function parameter. A remote attacker can exploit this flaw to crash any
certificate verification operation and mount a denial of service attack
(CVE-2015-3194).

Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory
when presented with a malformed X509_ATTRIBUTE structure (CVE-2015-3195).

A race condition flaw in the handling of PSK identity hints was discovered,
potentially leading to a double free of the identity hint data
(CVE-2015-3196).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://openssl.org/news/secadv/20151203.txt
https://www.debian.org/security/2015/dsa-3413
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2e-1.mga5
libopenssl-engines1.0.0-1.0.2e-1.mga5
libopenssl1.0.0-1.0.2e-1.mga5
libopenssl-devel-1.0.2e-1.mga5
libopenssl-static-devel-1.0.2e-1.mga5

from openssl-1.0.2e-1.mga5.src.rpm

Comment 1 David Walser 2015-12-04 18:49:18 CET
Testing procedure:
https://wiki.mageia.org/en/QA_procedure:Openssl

Whiteboard: (none) => has_procedure

Dave Hodgins 2015-12-05 03:37:17 CET

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 2 Mageia Robot 2015-12-05 11:05:12 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0466.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
