From: "Roy J. Meyers III" <roy@rjcc.net>
To: "Freebsd security"
Date: Wed, 04 Sep 2024 20:00:14 -0400
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-24:13.openssl
Message-Id: <191bf7b4d8b.ff637171130769.1597532176720296497@rjcc.net>
In-Reply-To: <20240904233724.B62BF2724C@freefall.freebsd.org>
References: <20240904233724.B62BF2724C@freefall.freebsd.org>
List-Id: Security issues
List-Archive: https://lists.freebsd.org/archives/freebsd-security

Unsubscribe

- Roy

---- On Wed, 04 Sep 2024 19:37:24 -0400 FreeBSD Security Advisories <security-advisories@freebsd.org> wrote ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

===============================================================================
FreeBSD-SA-24:13.openssl                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Possible DoS in X.509 name checks in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2024-09-03
Credits:        David Benjamin (Google)
Affects:        FreeBSD 14.x
Corrected:      2024-09-03 17:09:21 UTC (stable/14, 14.1-STABLE)
                2024-09-04 21:07:35 UTC (releng/14.1, 14.1-RELEASE-p4)
                2024-09-04 20:54:20 UTC (releng/14.0, 14.0-RELEASE-p10)
CVE Name:       CVE-2024-6119

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II.  Problem Description

Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an otherName subject alternative name of an
X.509 certificate.

Basic certificate chain validation is not affected. The issue only occurs
when an application also specifies an expected DNS name, Email address or IP
address.

III. Impact

Applications affected by the problem may result in a termination, leading to
a denial of service.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-24:13/openssl.patch
# fetch https://security.FreeBSD.org/patches/SA-24:13/openssl.patch.asc
# gpg --verify openssl.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/14/                              5946b0c6cbc7    stable/14-n268645
releng/14.1/                            9a5a7c90d5e5    releng/14.1-n267703
releng/14.0/                            abd3a7939117    releng/14.0-n265440
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.cve.org/CVERecord?id=CVE-2024-6119>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:13.openssl.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbY55AACgkQbljekB8A
Gu/qxQ/9H4Iaao+a5X4aXiV1iU+fT2KSli8fMZKeRw/OOIAztSOHZp7go0noAX65
SVwsb0fShwqAfDpeZhSjzMjpMmfkwQUkRbMK1SD+zLznSmC1McKF/EIAWrMwr78z
zDLv497wh26tY+3CUZJQPwkodTvkHnwU0jeUSTjHqC+lOQeOcQ9HwL0T4FsHw4HF
BJEX/k6uabpXsQe4H9U8C3MbUlOxiKfwFZAxDBhei2zZN/kfAY63iQhVH6/Ls5BG
ei7TcEF2e6ylhdaLcCxpArRrdql1VQ4SanAGVW4MQ/2s3YpxQYweKGMg4VSZvqXt
07mBlNHcLepsHK1/qXhDqO/UMO5QsSsH1trwiohmZRQZJp4wXFsGhc102dezDbun
TEJutKpNsojvWQ01IFcykCkvH2AAGXHJTB8H3jVXhBIU6DuqcmjVc8WXbrdN0vX8
KcZgI7S5PyQ0WF+ESqR5MHGXx7Qr9uZPKSMvPq0/g2d+6G52/Yw4oZ3rZtqU34iO
uLq+FApa0Ema3jzxhq89c9oybfADpBDmYsAfqfMqexS+nIuPjeUpcv9gCukr2Of3
rJDxx2hF/1c/hd83Pp7MKBT/x/4E3vombPjeNeP/sBLhXFSKiVxUDYGYgm6yw3GA
E7rv33ZJ09RaDGp9jbYaV5rOuEWAZpy42X/LsHjI9W3v0sGCJvU=
=JDHd
-----END PGP SIGNATURE-----
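An added example, not part of Roy's message or of the FreeBSD advisory: a POSIX sh helper that turns the advisory's "Affects" and "Corrected" data into a yes/no check of whether a userland version string (the output of `freebsd-version -u`) is at or past the fix for FreeBSD-SA-24:13.openssl. The release branches are compared by patch level (14.1-RELEASE-p4, 14.0-RELEASE-p10); a stable/14 tree is compared by the commit count that section VI of the advisory tells you to obtain with `git rev-list --count --first-parent HEAD`, against n268645. The function names, the four status words and the guarded top-level call are my assumptions; the patch levels and the commit count come from the advisory.

```shell
#!/bin/sh
# Added example (not the advisory's or the FreeBSD project's code).
# Classifies a FreeBSD userland version against FreeBSD-SA-24:13.openssl.
#
# Usage on a FreeBSD host:   sa_24_13_status "$(freebsd-version -u)"
# Usage on a stable/14 tree: sa_24_13_status "$(freebsd-version -u)" \
#                                "$(git -C /usr/src rev-list --count --first-parent HEAD)"

# Patch level at which each listed release branch was corrected (from the
# advisory's "Corrected:" table). Empty output means the branch is not listed.
fixed_patch_level() {
    case "$1" in
        14.1) echo 4 ;;     # releng/14.1 -> 14.1-RELEASE-p4
        14.0) echo 10 ;;    # releng/14.0 -> 14.0-RELEASE-p10
        *)    echo "" ;;
    esac
}

# Prints exactly one of: not-affected, patched, vulnerable, unknown.
#   $1 = version string such as "14.1-RELEASE-p3" or "14.1-STABLE"
#   $2 = commit count of the working tree (only needed for -STABLE)
sa_24_13_status() {
    ver="$1"
    count="${2:-}"

    # The advisory lists only FreeBSD 14.x as affected.
    case "$ver" in
        14.*) ;;
        *) echo "not-affected"; return 0 ;;
    esac

    case "$ver" in
        *-STABLE)
            # stable/14 was corrected at commit count n268645 (advisory, section VI).
            case "$count" in
                ''|*[!0-9]*) echo "unknown"; return 0 ;;
            esac
            if [ "$count" -ge 268645 ]; then echo "patched"; else echo "vulnerable"; fi
            return 0 ;;
        *-RELEASE*)
            branch="${ver%%-*}"                       # "14.1-RELEASE-p3" -> "14.1"
            need="$(fixed_patch_level "$branch")"
            if [ -z "$need" ]; then echo "unknown"; return 0; fi
            case "$ver" in
                *-p*) have="${ver##*-p}" ;;           # "...-p3" -> "3"
                *)    have=0 ;;                       # bare RELEASE, no patches
            esac
            case "$have" in
                ''|*[!0-9]*) echo "unknown"; return 0 ;;
            esac
            if [ "$have" -ge "$need" ]; then echo "patched"; else echo "vulnerable"; fi
            return 0 ;;
        *)
            echo "unknown"; return 0 ;;
    esac
}

# Stand-alone use: report on the running host when freebsd-version exists.
if [ -z "${SA_CHECK_NO_MAIN:-}" ] && command -v freebsd-version >/dev/null 2>&1; then
    sa_24_13_status "$(freebsd-version -u)"
fi
```

"unknown" is deliberately returned for anything the advisory does not enumerate (for instance a later 14.x release or a tree whose commit count you did not pass), so the helper never reports "patched" on the strength of a guess; a -p level at or above the listed one is the only evidence it accepts for a release branch.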