CVS commit: [pkgsrc-2016Q1] pkgsrc/security/openssl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/security/openssl
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Wed, 11 May 2016 15:04:17 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Wed May 11 15:04:17 UTC 2016

Modified Files:
        pkgsrc/security/openssl [pkgsrc-2016Q1]: Makefile PLIST.common distinfo

Log Message:
Pullup ticket #5013 - requested by taca
security/openssl: security fix

Revisions pulled up:
- security/openssl/Makefile                                     1.223
- security/openssl/PLIST.common                                 1.29
- security/openssl/distinfo                                     1.122

---
   Module Name: pkgsrc
   Committed By:        jperkin
   Date:                Tue May  3 14:51:17 UTC 2016

   Modified Files:
        pkgsrc/security/openssl: Makefile PLIST.common distinfo

   Log Message:
   Update security/openssl to version 1.0.2h.

   Changes between 1.0.2g and 1.0.2h [3 May 2016]

   *) Prevent padding oracle in AES-NI CBC MAC check

     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server support
     AES-NI.

     This issue was introduced as part of the fix for Lucky 13 padding
     attack (CVE-2013-0169). The padding check was rewritten to be in
     constant time by making sure that always the same bytes are read and
     compared against either the MAC or padding bytes. But it no longer
     checked that there was enough data to have both the MAC and padding
     bytes.

     This issue was reported by Juraj Somorovsky using TLS-Attacker.
     (CVE-2016-2107)
     [Kurt Roeckx]

   *) Fix EVP_EncodeUpdate overflow

     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.

     Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
     the PEM_write_bio* family of functions. These are mainly used within the
     OpenSSL command line applications, so any application which processes data
     from an untrusted source and outputs it as a PEM file should be considered
     vulnerable to this issue. User applications that call these APIs directly
     with large amounts of untrusted data may also be vulnerable.

     This issue was reported by Guido Vranken.
     (CVE-2016-2105)
     [Matt Caswell]

   *) Fix EVP_EncryptUpdate overflow

     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption. Following an analysis of all OpenSSL
     internal usage of the EVP_EncryptUpdate() function all usage is one of two
     forms. The first form is where the EVP_EncryptUpdate() call is known to be
     the first called function after an EVP_EncryptInit(), and therefore that
     specific call must be safe. The second form is where the length passed to
     EVP_EncryptUpdate() can be seen from the code to be some small value and
     therefore there is no possibility of an overflow. Since all instances are
     one of these two forms, it is believed that there can be no overflows in
     internal code due to this problem. It should be noted that
     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
     of these calls have also been analysed too and it is believed there are no
     instances in internal usage where an overflow could occur.

     This issue was reported by Guido Vranken.
     (CVE-2016-2106)
     [Matt Caswell]

   *) Prevent ASN.1 BIO excessive memory allocation

     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can casuse allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.

     Any application parsing untrusted data through d2i BIO functions is
     affected. The memory based functions such as d2i_X509() are *not* affected.
     Since the memory based functions are used by the TLS library, TLS
     applications are not affected.

     This issue was reported by Brian Carpenter.
     (CVE-2016-2109)
     [Stephen Henson]

   *) EBCDIC overread

     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.

     This issue was reported by Guido Vranken.
     (CVE-2016-2176)
     [Matt Caswell]

   *) Modify behavior of ALPN to invoke callback after SNI/servername
     callback, such that updates to the SSL_CTX affect ALPN.
     [Todd Short]

   *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]

   *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]


To generate a diff of this commit:
cvs rdiff -u -r1.222 -r1.222.2.1 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.28 -r1.28.2.1 pkgsrc/security/openssl/PLIST.common
cvs rdiff -u -r1.121 -r1.121.2.1 pkgsrc/security/openssl/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2016Q1] pkgsrc/devel/xulrunner192
Next by Date: CVS commit: [pkgsrc-2016Q1] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2016Q1] pkgsrc/devel/xulrunner192
Next by Thread: CVS commit: [pkgsrc-2016Q1] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index