FreeBSD Security Advisory FreeBSD-SA-17:11.openssl

Franco Fichtner franco at lastsummer.de
Wed Nov 29 07:38:05 UTC 2017


Hi,

releng/11.1 is missing the bump to p5 patch level in sys/conf/newvers.sh


Cheers,
Franco

> On 29. Nov 2017, at 7:15 AM, FreeBSD Security Advisories <security-advisories at freebsd.org> wrote:
> 
> Signed PGP part
> =============================================================================
> FreeBSD-SA-17:11.openssl                                    Security Advisory
>                                                           The FreeBSD Project
> 
> Topic:          OpenSSL multiple vulnerabilities
> 
> Category:       contrib
> Module:         openssl
> Announced:      2017-11-29
> Affects:        All supported versions of FreeBSD.
> Corrected:      2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE)
>                 2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5)
>                 2017-11-29 05:59:12 UTC (releng/11.0, 11.0-RELEASE-p16)
>                 2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE)
>                 2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4)
>                 2017-11-29 05:59:50 UTC (releng/10.3, 10.3-RELEASE-p25)
> CVE Name:       CVE-2017-3735, CVE-2017-3736
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
> 
> I.   Background
> 
> FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
> a collaborative effort to develop a robust, commercial-grade, full-featured
> Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
> Layer (SSL) protocols. It is also a full-strength general purpose
> cryptography library.
> 
> II.  Problem Description
> 
> If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL
> could do a one-byte buffer overread. [CVE-2017-3735]
> 
> There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
> This only affects processors that support the BMI1, BMI2 and ADX extensions
> like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736]
> This bug only affects FreeBSD 11.x.
> 
> III. Impact
> 
> Application using OpenSSL may display erroneous certificate in text format.
> [CVE-2017-3735]
> 
> Mishandling of carry propagation will produce incorrect output, and make it
> easier for a remote attacker to obtain sensitive private-key information.
> No EC algorithms are affected, analysis suggests that attacks against RSA
> and DSA as a result of this defect would be very difficult to perform and
> are not believed likely.
> 
> Attacks against DH are considered just feasible (although very difficult)
> because most of the work necessary to deduce information about a private
> key may be performed offline.  The amount of resources required for such
> an attack would be very significant and likely only accessible to a limited
> number of attackers. An attacker would additionally need online access to
> an unpatched system using the target private key in a scenario with
> persistent DH parameters and a private key that is shared between multiple
> clients. [CVE-2017-3736]
> 
> IV.  Workaround
> 
> No workaround is available.
> 
> V.   Solution
> 
> Perform one of the following:
> 
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
> 
> Restart all daemons that use the library, or reboot the system.
> 
> 2) To update your vulnerable system via a binary patch:
> 
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
> 
> # freebsd-update fetch
> # freebsd-update install
> 
> Restart all daemons that use the library, or reboot the system.
> 
> 3) To update your vulnerable system via a source code patch:
> 
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> 
> [FreeBSD 10.3]
> # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch
> # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch.asc
> # gpg --verify openssl-10.patch.asc
> 
> [FreeBSD 11.x]
> # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch
> # fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch.asc
> # gpg --verify openssl.patch.asc
> 
> b) Apply the patch.  Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/patch
> 
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
> 
> Restart all daemons that use the library, or reboot the system.
> 
> VI.  Correction details
> 
> The following list contains the correction revision numbers for each
> affected branch.
> 
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/10/                                                        r326357
> releng/10.3/                                                      r326359
> releng/10.4/                                                      r326359
> stable/11/                                                        r325337
> releng/11.0/                                                      r326358
> releng/11.1/                                                      r326358
> -------------------------------------------------------------------------
> 
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
> 
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
> 
> Or visit the following URL, replacing NNNNNN with the revision number:
> 
> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
> 
> VII. References
> 
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>
> 
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>
> 
> <URL:https://www.openssl.org/news/secadv/20171102.txt>
> 
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc>
> 
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-security mailing list