Date: Wed, 30 Apr 2014 14:58:51 +0200 From: Lukasz <lukasz@chroot.pl> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:09.openssl Message-ID: <5360F38B.3000205@chroot.pl> In-Reply-To: <201404300435.s3U4ZAga093727@freefall.freebsd.org> References: <201404300435.s3U4ZAga093727@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! Is there something missing in this SA? 2) "b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>." Regards. On 04/30/2014 06:35 AM, FreeBSD Security Advisories wrote: > ============================================================================= > FreeBSD-SA-14:09.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL use-after-free vulnerability > > Category: contrib > Module: openssl > Announced: 2014-04-30 > Affects: FreeBSD 10.x. > Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) > 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2) > CVE Name: CVE-2010-5298 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) > and Transport Layer Security (TLS v1) protocols as well as a full-strength > general purpose cryptography library. > > OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which > requests the library to release the memory it holds when a read or write buffer > is no longer needed for the context. > > II. Problem Description > > The buffer may be released before the library have finished using it. It is > possible that a different SSL connection in the same process would use the > released buffer and write data into it. > > III. Impact > > An attacker may be able to inject data to a different connection that they > should not be able to. > > IV. Workaround > > No workaround is available, but systems that do not use OpenSSL to implement > the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) > protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process > to handle multiple SSL connections, are not vulnerable. > > The FreeBSD base system service daemons and utilities do not use the > SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this > mode to reduce their memory footprint and may therefore be affected by this > issue. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc > # gpg --verify openssl.patch.asc > > Restart all deamons using the library, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > ------------------------------------------------------------------------- > stable/10/ r265122 > releng/10.0/ r265124 > ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; > > VII. References > > <URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig>; > > <URL:https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest>; > > <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>; > > The latest revision of this advisory is available at > <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:09.openssl.asc>; > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5360F38B.3000205>