From ff4ef5e93678718c4d130530e6a8a8dbd146ea7b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 10 2014 12:13:31 +0000 Subject: import openssl-1.0.1e-34.el7_0.3 --- diff --git a/SOURCES/openssl-1.0.1e-cve-2010-5298.patch b/SOURCES/openssl-1.0.1e-cve-2010-5298.patch new file mode 100644 index 0000000..b4f92cd --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2010-5298.patch @@ -0,0 +1,21 @@ +From: Ben Laurie +Date: Wed, 23 Apr 2014 06:24:03 +0000 (+0100) +Subject: Fix use after free. +X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=94d1f4b + +Fix use after free. +--- + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index b9e45c7..d601a18 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -1334,7 +1334,7 @@ start: + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) + ssl3_release_read_buffer(s); + } + } diff --git a/SOURCES/openssl-1.0.1e-cve-2014-0195.patch b/SOURCES/openssl-1.0.1e-cve-2014-0195.patch new file mode 100644 index 0000000..434eee2 --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2014-0195.patch @@ -0,0 +1,36 @@ +commit 208d54db20d58c9a5e45e856a0650caadd7d9612 +Author: Dr. Stephen Henson +Date: Tue May 13 18:48:31 2014 +0100 + + Fix for CVE-2014-0195 + + A buffer overrun attack can be triggered by sending invalid DTLS fragments + to an OpenSSL DTLS client or server. This is potentially exploitable to + run arbitrary code on a vulnerable client or server. + + Fixed by adding consistency check for DTLS fragments. + + Thanks to Jüri Aedla for reporting this issue. + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 2e8cf68..07f67f8 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) + frag->msg_header.frag_off = 0; + } + else ++ { + frag = (hm_fragment*) item->data; ++ if (frag->msg_header.msg_len != msg_hdr->msg_len) ++ { ++ item = NULL; ++ frag = NULL; ++ goto err; ++ } ++ } ++ + + /* If message is already reassembled, this must be a + * retransmit and can be dropped. + diff --git a/SOURCES/openssl-1.0.1e-cve-2014-0198.patch b/SOURCES/openssl-1.0.1e-cve-2014-0198.patch new file mode 100644 index 0000000..2c94bca --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2014-0198.patch @@ -0,0 +1,33 @@ +From: Matt Caswell +Date: Sun, 11 May 2014 23:38:37 +0000 (+0100) +Subject: Fixed NULL pointer dereference. See PR#3321 +X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586 + +Fixed NULL pointer dereference. See PR#3321 +--- + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index 40eb0dd..d961d12 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL_SESSION *sess; + +- if (wb->buf == NULL) +- if (!ssl3_setup_write_buffer(s)) +- return -1; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + /* if it went, fall through and send more stuff */ + } + ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; ++ + if (len == 0 && !create_empty_fragment) + return 0; + diff --git a/SOURCES/openssl-1.0.1e-cve-2014-0221.patch b/SOURCES/openssl-1.0.1e-cve-2014-0221.patch new file mode 100644 index 0000000..deb3a8b --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2014-0221.patch @@ -0,0 +1,34 @@ +commit d30e582446b027868cdabd0994681643682045a4 +Author: Dr. Stephen Henson +Date: Fri May 16 13:00:45 2014 +0100 + + Fix CVE-2014-0221 + + Unnecessary recursion when receiving a DTLS hello request can be used to + crash a DTLS client. Fixed by handling DTLS hello request without recursion. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 07f67f8..4c2fd03 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) + int i,al; + struct hm_header_st msg_hdr; + ++ redo: + /* see if we have the required fragment already */ + if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) + { +@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) + s->msg_callback_arg); + + s->init_num = 0; +- return dtls1_get_message_fragment(s, st1, stn, +- max, ok); ++ goto redo; + } + else /* Incorrectly formated Hello request */ + { + diff --git a/SOURCES/openssl-1.0.1e-cve-2014-0224.patch b/SOURCES/openssl-1.0.1e-cve-2014-0224.patch new file mode 100644 index 0000000..173f0e1 --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2014-0224.patch @@ -0,0 +1,88 @@ +diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h +--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200 ++++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200 +@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 ++#define SSL3_FLAGS_CCS_OK 0x0080 + + /* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us +diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c +--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100 ++++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200 +@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s) + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_CR_FINISHED_B: + ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, + SSL3_ST_CR_FINISHED_B); + if (ret <= 0) goto end; +@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s) + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto f_err; + } ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->hit=1; + } + else /* a miss or crap from the other end */ +diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c +--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200 ++++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200 +@@ -1298,6 +1298,15 @@ start: + goto f_err; + } + ++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) ++ { ++ al=SSL_AD_UNEXPECTED_MESSAGE; ++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); ++ goto f_err; ++ } ++ ++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK; ++ + rr->length=0; + + if (s->msg_callback) +@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s) + + if (s->s3->tmp.key_block == NULL) + { +- if (s->session == NULL) ++ if (s->session == NULL || s->session->master_key_length == 0) + { + /* might happen if dtls1_read_bytes() calls this */ + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); +diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c +--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200 ++++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200 +@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s) + case SSL3_ST_SR_CERT_VRFY_A: + case SSL3_ST_SR_CERT_VRFY_B: + ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + /* we should decide if we expected this one */ + ret=ssl3_get_cert_verify(s); + if (ret <= 0) goto end; +@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s) + + case SSL3_ST_SR_FINISHED_A: + case SSL3_ST_SR_FINISHED_B: ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, + SSL3_ST_SR_FINISHED_B); + if (ret <= 0) goto end; +@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s) + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + #else + if (s->s3->next_proto_neg_seen) ++ { ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; ++ } + else + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + #endif diff --git a/SOURCES/openssl-1.0.1e-cve-2014-3470.patch b/SOURCES/openssl-1.0.1e-cve-2014-3470.patch new file mode 100644 index 0000000..32f4487 --- /dev/null +++ b/SOURCES/openssl-1.0.1e-cve-2014-3470.patch @@ -0,0 +1,26 @@ +commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86 +Author: Dr. Stephen Henson +Date: Thu May 29 15:00:05 2014 +0100 + + Fix CVE-2014-3470 + + Check session_cert is not NULL before dereferencing it. + +diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c +index d35376d..4324f8d 100644 +--- a/ssl/s3_clnt.c ++++ b/ssl/s3_clnt.c +@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s) + int ecdh_clnt_cert = 0; + int field_size = 0; + ++ if (s->session->sess_cert == NULL) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); ++ goto err; ++ } ++ + /* Did we send out the client's + * ECDH share for use in premaster + * computation as part of client certificate? diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index a67dd77..886fbf2 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 34%{?dist} +Release: 34%{?dist}.3 Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -93,6 +93,12 @@ Patch87: openssl-1.0.1e-cve-2013-6450.patch Patch88: openssl-1.0.1e-cve-2013-4353.patch Patch89: openssl-1.0.1e-ephemeral-key-size.patch Patch90: openssl-1.0.1e-cve-2014-0160.patch +Patch91: openssl-1.0.1e-cve-2010-5298.patch +Patch92: openssl-1.0.1e-cve-2014-0195.patch +Patch93: openssl-1.0.1e-cve-2014-0198.patch +Patch94: openssl-1.0.1e-cve-2014-0221.patch +Patch95: openssl-1.0.1e-cve-2014-0224.patch +Patch96: openssl-1.0.1e-cve-2014-3470.patch License: OpenSSL Group: System Environment/Libraries @@ -217,6 +223,12 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch88 -p1 -b .handshake-crash %patch89 -p1 -b .ephemeral %patch90 -p1 -b .heartbeat +%patch91 -p1 -b .freelist +%patch92 -p1 -b .dtls1-overflow +%patch93 -p1 -b .null-deref +%patch94 -p1 -b .dtls1-dos +%patch95 -p1 -b .keying-mitm +%patch96 -p1 -b .anon-ecdh-dos sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -480,6 +492,14 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Tue Jun 3 2014 Tomáš Mráz 1.0.1e-34.3 +- fix CVE-2010-5298 - possible use of memory after free +- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment +- fix CVE-2014-0198 - possible NULL pointer dereference +- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet +- fix CVE-2014-0224 - SSL/TLS MITM vulnerability +- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH + * Tue Apr 8 2014 Tomáš Mráz 1.0.1e-34 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension