svn commit: r51235 - in head/share: security/advisories security/patches/SA-17:11 xml
Xin LI
delphij at FreeBSD.org
Wed Nov 29 06:13:17 UTC 2017
Author: delphij
Date: Wed Nov 29 06:13:15 2017
New Revision: 51235
URL: https://svnweb.freebsd.org/changeset/doc/51235
Log:
Add SA-17:11.
Added:
head/share/security/advisories/FreeBSD-SA-17:11.openssl.asc (contents, props changed)
head/share/security/patches/SA-17:11/
head/share/security/patches/SA-17:11/openssl-10.patch (contents, props changed)
head/share/security/patches/SA-17:11/openssl-10.patch.asc (contents, props changed)
head/share/security/patches/SA-17:11/openssl.patch (contents, props changed)
head/share/security/patches/SA-17:11/openssl.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
Added: head/share/security/advisories/FreeBSD-SA-17:11.openssl.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-17:11.openssl.asc Wed Nov 29 06:13:15 2017 (r51235)
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:11.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSL multiple vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2017-11-29
+Affects: All supported versions of FreeBSD.
+Corrected: 2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE)
+ 2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5)
+ 2017-11-29 05:59:12 UTC (releng/11.0, 11.0-RELEASE-p16)
+ 2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE)
+ 2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4)
+ 2017-11-29 05:59:50 UTC (releng/10.3, 10.3-RELEASE-p25)
+CVE Name: CVE-2017-3735, CVE-2017-3736
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
+Layer (SSL) protocols. It is also a full-strength general purpose
+cryptography library.
+
+II. Problem Description
+
+If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL
+could do a one-byte buffer overread. [CVE-2017-3735]
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
+This only affects processors that support the BMI1, BMI2 and ADX extensions
+like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736]
+This bug only affects FreeBSD 11.x.
+
+III. Impact
+
+Application using OpenSSL may display erroneous certificate in text format.
+[CVE-2017-3735]
+
+Mishandling of carry propagation will produce incorrect output, and make it
+easier for a remote attacker to obtain sensitive private-key information.
+No EC algorithms are affected, analysis suggests that attacks against RSA
+and DSA as a result of this defect would be very difficult to perform and
+are not believed likely.
+
+Attacks against DH are considered just feasible (although very difficult)
+because most of the work necessary to deduce information about a private
+key may be performed offline. The amount of resources required for such
+an attack would be very significant and likely only accessible to a limited
+number of attackers. An attacker would additionally need online access to
+an unpatched system using the target private key in a scenario with
+persistent DH parameters and a private key that is shared between multiple
+clients. [CVE-2017-3736]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch.asc
+# gpg --verify openssl-10.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r326357
+releng/10.3/ r326359
+releng/10.4/ r326359
+stable/11/ r325337
+releng/11.0/ r326358
+releng/11.1/ r326358
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>
+
+<URL:https://www.openssl.org/news/secadv/20171102.txt>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeTmQACgkQ7Wfs1l3P
+aueQNRAAzUxb6H1JAgmgCRUKzN00FunkUNygvcvJRL9jK6h1TRCGvKk/jhdmakqZ
+r/x7zjWSWBh3oBg6V3egTRIMcpSDmjKIkf/H/q9eeSlQKfHR5MVadCedghy1nq3c
+XmpDlKyLp1zuy8gzkJNQCiIqn9BvxBRaUCzPJKFlpmgQwZStZvqpxUScJOX3X4ZC
+tjlF3kaBE/9IKX8p8vulWWM+vXwsDxVKRulUeFAL75eIwo9YWva1hsUBLruKo1xg
+CgWPJ4AXa9PL8WdJsYFkOA9R9wqBs1q6A+zuUQQJw5qQnQdg/rMchKsdS8I/dV7F
+01qYYfM25q109pnNFEhIZNsZ4mIbBpW0hxzTwaq6f8bd8+7JuP3mH2xFHxIfNUzp
+jrK1DSn/kOGf0Dun8mrBAsO4y+3F92GbqOHdUzPnTAtHOHwmjIY3ljsbHnTNtUxm
+44X2O+6XIGmzUxQMOFqAfe8wRkBhIGMcEpY4NTW6g8hPJBk1o0dQgtDLpg6i+Wj/
+p+jDSNgkD4aFzsMoGc1kYsIT7qVBqn8jBydIUyrY5wQMNC+15+cDoF2QwKjGIU2H
+yWEjaec2dY6YtakMiQV8U0WPRSEj18lrSs7L9uizZSS0UHquP/xY8b6yFrBPvwXQ
+gVS3ZVKLOvCgGvl9MsJzB/FAR2jdOZdz6QzWchyG0PVZQVCPjBQ=
+=9Q78
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-17:11/openssl-10.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:11/openssl-10.patch Wed Nov 29 06:13:15 2017 (r51235)
@@ -0,0 +1,19 @@
+--- crypto/openssl/crypto/x509v3/v3_addr.c.orig
++++ crypto/openssl/crypto/x509v3/v3_addr.c
+@@ -130,10 +130,12 @@
+ */
+ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
Added: head/share/security/patches/SA-17:11/openssl-10.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:11/openssl-10.patch.asc Wed Nov 29 06:13:15 2017 (r51235)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeToEACgkQ7Wfs1l3P
+aufSLA//X4kKoir7fhdlprg9oTE54WmueGfgE5qYj8ZOelJJ6zR1c7stXDZ6BY4D
+2aYlkL8C3j0iPPuN7pPq+g1zM3TybllcQH91coBpF/r8QnWAID9ZIARWmck11K/3
+9a3oMtMXC5Zsy5e3cXCWQvKwjZy3/83/WdOh1aOZKTRnB6zvHbu94PwFj2EvW4YZ
+kypD2/8MZUCDSvMDDwNHGgXqCuqXR8RTxt9Z7PyiQcms5qwn77UtdlUhIGt+SRWB
+XsdryyQnS/zGcRy606qBweitN3S6hBUhLDWAruBFN+3R3Rk+Tcf1EV3mqcUGqPj1
+KpD8LLgVnriwm0pZjn2bX+uXv38RvosrFRutOq3G3gFfsa4zzAzSjdRLzczDQcor
+r7yBxqQs8Xm/OiHmXD5Ch2ly7mTwwbnqIgDYkVlDKZFIVcJkqgQlIx4m+z3WDixM
+FjN+HoXWF9AfgWoS7Ka287uqWE/3Yzgi8d8t9YGyjqYaSVzN864JmpULqDBF74dU
+4X7OGZqyeD7SrjZZwxktcTvNLtrR2ftTBWvRoosPq1qs+5kQv97TtdDvhtTsrfgP
+TOHOc72aEqjERKFaXzwn+RCrDZ7ljTEhrcHa1nYfoKSX9jwIxAFK26fQ/6nyIiqx
+vqLrYYY1bx2YMHyDAskMXVrXPNC8doG3CazHF8L5fiThDRaMEC8=
+=QvsH
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-17:11/openssl.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:11/openssl.patch Wed Nov 29 06:13:15 2017 (r51235)
@@ -0,0 +1,67 @@
+--- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl.orig
++++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+@@ -3090,11 +3090,19 @@
+
+ .align 32
+ .Lsqrx8x_break:
+- sub 16+8(%rsp),%r8 # consume last carry
++ xor $zero,$zero
++ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
++ adcx $zero,%r8
+ mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
++ adcx $zero,%r9
+ mov 0*8($aptr),%rdx # a[8], modulo-scheduled
+- xor %ebp,%ebp # xor $zero,$zero
++ adc \$0,%r10
+ mov %r8,0*8($tptr)
++ adc \$0,%r11
++ adc \$0,%r12
++ adc \$0,%r13
++ adc \$0,%r14
++ adc \$0,%r15
+ cmp $carry,$tptr # cf=0, of=0
+ je .Lsqrx8x_outer_loop
+
+--- crypto/openssl/crypto/x509v3/v3_addr.c.orig
++++ crypto/openssl/crypto/x509v3/v3_addr.c
+@@ -130,10 +130,12 @@
+ */
+ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+ {
+- return ((f != NULL &&
+- f->addressFamily != NULL && f->addressFamily->data != NULL)
+- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+- : 0);
++ if (f == NULL
++ || f->addressFamily == NULL
++ || f->addressFamily->data == NULL
++ || f->addressFamily->length < 2)
++ return 0;
++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+
+ /*
+--- secure/lib/libcrypto/amd64/x86_64-mont5.S.orig
++++ secure/lib/libcrypto/amd64/x86_64-mont5.S
+@@ -3077,11 +3077,19 @@
+
+ .align 32
+ .Lsqrx8x_break:
+- subq 16+8(%rsp),%r8
++ xorq %rbp,%rbp
++ subq 16+8(%rsp),%rbx
++ adcxq %rbp,%r8
+ movq 24+8(%rsp),%rcx
++ adcxq %rbp,%r9
+ movq 0(%rsi),%rdx
+- xorl %ebp,%ebp
++ adcq $0,%r10
+ movq %r8,0(%rdi)
++ adcq $0,%r11
++ adcq $0,%r12
++ adcq $0,%r13
++ adcq $0,%r14
++ adcq $0,%r15
+ cmpq %rcx,%rdi
+ je .Lsqrx8x_outer_loop
+
Added: head/share/security/patches/SA-17:11/openssl.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-17:11/openssl.patch.asc Wed Nov 29 06:13:15 2017 (r51235)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeToIACgkQ7Wfs1l3P
+aueWcg//RlFQI3WV/Tp0/Rr97YHQz1UD4rdqGLq+Thl3alcW3Qv/78SdAGe8uH+D
+gNsz75tNH5GAR1jrxawXQfrYttasfJgL+gmJxFZWx5NeVW0XbP2i9XIcc6cwgN5x
+hRWRbaBrnmGDwP/DFhqPr/Dc4bT8UpfEKSOKt51F5XiZMSNcNFoh3rbBCf4Vr631
+0NroVSCKNJAOKl0ZXF//tm3tbMmWgrI8SMlJjfDa9sqd0e3iJoouHe+z+kYDpbQ1
+tx78U1PaUV651T+gMc9ynyG4+V9TBFS+5pEjEw+IKBSQ4EW8rsEOzin80CdgcwJo
+uFmnCXyr/xOy9pNNWipug9qo0f1beQ5txo1LQb55eR5U4N58Pp90+OoMc7noAfBd
+kHJUJQkbqoi+CNivK0W7zLOcWw0iBWEhiI3FIEDXnXI86r7evVTHozPPJhcp276c
+k1KTJPxcs7YOEpKJYIXL5Ec3SXzXgGPwhUvq64sKrSSmB0nUb/vbH/SlDrT6Q99d
+ifFgpZ2gZmGVkQM0eIDeChQCD19xu1BLbw9mvlw8RqA1NIbqWlBdxmlLGY00iPy2
+TxiHJWaOdF0OnhS/LHe6BtKmhcpllpERMvCrDtlnG37DR07VPs5hM6mSFDwYZN7/
+0/MdsoODCQIOdsXMUo/d74F36/cPL/1QgPYpO3OdVpIovzl3MRQ=
+=CiUu
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Wed Nov 29 02:59:18 2017 (r51234)
+++ head/share/xml/advisories.xml Wed Nov 29 06:13:15 2017 (r51235)
@@ -11,6 +11,14 @@
<name>11</name>
<day>
+ <name>29</name>
+
+ <advisory>
+ <name>FreeBSD-SA-17:11.openssl</name>
+ </advisory>
+ </day>
+
+ <day>
<name>15</name>
<advisory>
More information about the svn-doc-head
mailing list