My next class:

OpenSSL Update Released

Published: 2016-09-22. Last Updated: 2016-09-22 13:52:16 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

As announced earlier this week, OpenSSL released an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0).

The update fixes 14 different vulnerabilities. Only one vulnerability is rated "High". This vulnerability, CVE-2016-6304, can lead to memory exhaustion and a denial of service if the client sends multiple large OCSP requests.

With this update, the latest versions of OpenSSL for the various branches are 1.0.1u, 1.0.2i and 1.1.0a. All three branches are currently supported.

The table below shows which vulnerabilities apply to each branch.

CVE Description Rating 1.0.1 1.0.2 1.1.0
CVE-2016-6304 OCSP Status Request extension unbounded memory growth High x x x
CVE-2016-6305 SSL_peek() hang on empty record (CVE-2016-6305) Moderate     x
CVE-2016-2183 SWEET32 Mitigation (CVE-2016-2183) Low x x  
CVE-2016-6303 OOB write in MDC2_Update() Low x x  
CVE-2016-6302 Malformed SHA512 ticket DoS Low x x  
CVE-2016-2182 OOB write in BN_bn2dec() Low x x  
CVE-2016-2180 OOB read in TS_OBJ_print_bio() (CVE-2016-2180) Low x x  
CVE-2016-2177 Pointer arithmetic undefined behaviour (CVE-2016-2177) Low x x  
CVE-2016-2178 Constant time flag not preserved in DSA signing Low x x  
CVE-2016-2179 DTLS buffered message DoS Low x x  
CVE-2016-2181 DTLS replay protection DoS Low x x  
CVE-2016-6306 Certificate message OOB reads Low x x  
CVE-2016-6307 Excessive allocation of memory in tls_get_message_header() Low     x
CVE-2016-6308 Excessive allocation of memory in dtls1_preprocess_fragment() Low     x

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

 

Keywords:
2 comment(s)
My next class:

Comments

SA can be found at https://www.openssl.org/news/secadv/20160922.txt
SWEET32 disclosure at https://sweet32.info/. Affects 64-bit block ciphers; i.e. 3DES and Blowfish. Similar to BEAST for RC4 and need 32GB of data for successful attack though.


OpenSSL blog at https://www.openssl.org/blog/blog/2016/08/24/sweet32/ states that "triple-DES should now be considered as “bad” as RC4".

WinXP was the last major OS that requires 3DES as it does not support AES. (There is a patch for AES support to Windows Server 2003). Time to deprecate or remove 3DES cipher support from web servers.

Blowfish is the default for OpenVPN. Wiki entry at https://community.openvpn.net/openvpn/wiki/SWEET32.

Diary Archives