openembedded-core.git/meta/recipes-connectivity, branch dylan Mirror of openembedded-core openssl: fix for CVE-2010-5298 2014-06-09T12:57:13+00:00 Yue Tao Yue.Tao@windriver.com 2014-05-19T07:00:38+00:00 bf2d5380808bb3e0ad470e7853e3ae20617bbfd6 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298

(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: fix CVE-2014-3470 2014-06-09T12:57:13+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-09T10:29:30+00:00 299de5ea53446bc211e6aadf158d6ef7576384ab From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt Anonymous ECDH denial of service (CVE-2014-3470) OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. (Patch borrowed from Fedora.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

Anonymous ECDH denial of service (CVE-2014-3470)

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: fix CVE-2014-0224 2014-06-09T12:57:13+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-09T10:27:20+00:00 50050c9c2449d14a0d3da91eed5d16cddce9cf76 From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt SSL/TLS MITM vulnerability (CVE-2014-0224) An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. (Patch borrowed from Fedora.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: fix CVE-2014-0221 2014-06-09T12:57:13+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-09T10:26:53+00:00 2a9e46a319d32e99266fd44e1ea1ca2b5e7c9a6a From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt DTLS recursion flaw (CVE-2014-0221) By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. (Patch borrowed from Fedora.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: use upstream fix for CVE-2014-0198 2014-06-09T12:57:13+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-09T10:23:28+00:00 26a6e230ebb4f69c992ec909d46d586ee42bfdf6 This replaces the fix for CVE-2014-0198 with one borrowed from Fedora, which is the same as the patch which was actually applied upstream for the issue, i.e.: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: fix CVE-2014-0195 2014-06-09T12:57:13+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-09T10:21:20+00:00 aac6d15448e9a471a8d4ce086538b39f0b928518 From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt DTLS invalid fragment vulnerability (CVE-2014-0195) A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected. (Patch borrowed from Fedora.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
openssl: fix CVE-2014-0198 2014-05-12T16:06:22+00:00 Maxin B. John maxin.john@enea.com 2014-05-09T21:20:01+00:00 ffe6bdcb896dc39750144944be1f635baf33f6a0 A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. https://access.redhat.com/security/cve/CVE-2014-0198 Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.

https://access.redhat.com/security/cve/CVE-2014-0198

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: bump PR 2014-04-11T13:17:19+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-04-11T12:29:51+00:00 c50da4a2c1128f599b2c66d06b7d2ea80215f9d0 We don't normally do this, but with the recent CVE fixes (most importantly the one for the serious CVE-2014-0160 vulnerability) I am bumping PR explicitly to make it a bit more obvious that the patch has been applied. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: backport fix for CVE-2014-0160 2014-04-09T07:59:00+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-04-08T18:37:40+00:00 bebed954e8fea9d805a0eb6b284dd90177379242 Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More information here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Patch borrowed from Debian; this is just a tweaked version of the upstream commit (without patching the CHANGES file which otherwise would fail to apply on top of this version). Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security Advisory - openssl - CVE-2013-6449 2014-04-09T07:59:00+00:00 Yue Tao Yue.Tao@windriver.com 2014-04-08T18:37:39+00:00 0d3d2d7062a181e878435487c06e26c6547e492f The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.

(From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>