131 lines
4.7 KiB
Text
131 lines
4.7 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-16:27.openssl Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: Regression in OpenSSL suite
|
|
|
|
Category: contrib
|
|
Module: openssl
|
|
Announced: 2016-10-10
|
|
Credits: OpenSSL Project
|
|
Affects: FreeBSD 11.0
|
|
Corrected: 2016-09-26 14:30:19 UTC (stable/11, 11.0-STABLE)
|
|
2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1)
|
|
CVE Name: CVE-2016-7052
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
|
|
a collaborative effort to develop a robust, commercial-grade, full-featured
|
|
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
|
|
and Transport Layer Security (TLS v1) protocols as well as a full-strength
|
|
general purpose cryptography library.
|
|
|
|
II. Problem Description
|
|
|
|
The OpenSSL version included in FreeBSD 11.0-RELEASE is 1.0.2i. The version
|
|
has bug fix for CVE-2016-7052, which should have included CRL sanity check,
|
|
but the check was omitted.
|
|
|
|
III. Impact
|
|
|
|
Any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer
|
|
exception.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch.asc
|
|
# gpg --verify openssl.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart all daemons that use the library, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r306343
|
|
releng/11.0/ r306354
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://www.openssl.org/news/secadv/20160926.txt>
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIcBAEBCgAGBQJX/AhFAAoJEO1n7NZdz2rndIsP/0i/NvoofoAiKWlEmH5KEhFX
|
|
mwzwvXFt8YFuwXNQ4g8E2QTmX6O5k8s5N5AMZWyfWtPE1NzZbyDMo4JMgHeRjS/e
|
|
qlVywAX4wEQ7M71xQilpGivgK5TGil9g75AgoDV/+oL+c9UMNQafBc2hc0AYPV/b
|
|
XnErz/I/E7nA4jC5UTo1xg1CRFOx7ZvpMC+WPzFohNzRtfLV42jf2jL+V5AlddlE
|
|
yEht85v5zcyvhgS6j8i8d8w/XfCf3P/rt45lz2ENuyFQMfNraMmgdUjeBjyHW4/9
|
|
Aiv0NIqMd/J6mPEdZwV5uw/w54dufmfj5TH0kQZvat4bhTLOSKGPievf0AU5dehM
|
|
Znrrg+jnb2MaDy5KMXDKW/QYHt1kDRO4+1v0APfuIxeejQljRsb/Z3pKa9h4m/8v
|
|
jsT2lfAoOShAYEBV0HmFyAjsSbd0X8JgW7mMMk3cHvqqqg8+e49YHmoLOchpMOgS
|
|
8acyuraij7IK4Ag+2KcwaPmC3ov4RzLM+6mCbT0xlEbB3qxlgo81aVhDxQIWobLT
|
|
+uIJFwgWGNvKWY/XSTB70JscbsG9YeJSxV4lc3biHbbadZNmGYfz2KkwqUZSh83+
|
|
9sq1SD0LRJgiAFuPl20DmUDyG/unif7wIHjmiIUMn0UyBOnVKVVQyPz9XXCuZHtB
|
|
Tt0MBVzJ4LLIbxR80ojw
|
|
=bU3Q
|
|
-----END PGP SIGNATURE-----
|