Mail Archives: cygwin/2012/01/11/04:20:34
I've updated the version of OpenSSL to 0.9.8s-1. This also includes the
openssl-devel packages.
This is an upstream security release. The Cygwin release is build from
the vanilla sources, no additional patches. Here's the official
security advisory:
------------------------------------------------------------------------
OpenSSL Security Advisory [04 Jan 2012]
=======================================
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
==============================================
Nadhem Alfardan and Kenny Paterson have discovered an extension of the
Vaudenay padding oracle attack on CBC mode encryption which enables an
efficient plaintext recovery attack against the OpenSSL implementation
of DTLS. Their attack exploits timing differences arising during
decryption processing. A research paper describing this attack can be
found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
<seggelmann AT fh-muenster DOT de> and Michael Tuexen <tuexen AT fh-muenster DOT de>
for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Double-free in Policy Checks (CVE-2011-4109)
============================================
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
check failure can lead to a double-free. The bug does not occur
unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia
Kasper <ekasper AT google DOT com> of Google.
Affected users should upgrade to OpenSSL 0.9.8s.
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
=============================================
OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as
block cipher padding in SSL 3.0 records. This affects both clients and
servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with
SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does
not affect TLS.
As a result, in each record, up to 15 bytes of uninitialized memory
may be sent, encrypted, to the SSL peer. This could include sensitive
contents of previously freed memory.
However, in practice, most deployments do not use
SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per
connection. That write buffer is partially filled with non-sensitive,
handshake data at the beginning of the connection and, thereafter,
only records which are longer any any previously sent record leak any
non-encrypted data. This, combined with the small number of bytes
leaked per record, serves to limit to severity of this issue.
Thanks to Adam Langley <agl AT chromium DOT org> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
====================================================================
RFC 3779 data can be included in certificates, and if it is malformed,
may trigger an assertion failure. This could be used in a
denial-of-service attack.
Note, however, that in the standard release of OpenSSL, RFC 3779
support is disabled by default, and in this case OpenSSL is not
vulnerable. Builds of OpenSSL are vulnerable if configured with
"enable-rfc3779".
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and
Rob Austein <sra AT hactrn DOT net> for fixing it.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
SGC Restart DoS Attack (CVE-2011-4619)
======================================
Support for handshake restarts for server gated cryptograpy (SGC) can
be used in a denial-of-service attack.
Thanks to Adam Langley <agl AT chromium DOT org> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Invalid GOST parameters DoS Attack (CVE-2012-0027)
===================================================
A malicious TLS client can send an invalid set of GOST parameters
which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov <amdeich AT gmail DOT com> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120104.txt
------------------------------------------------------------------------
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com
If you need more information on unsubscribing, start reading here:
http://sourceware.org/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at the above URL.
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -