[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:17.openssl

FreeBSD Security Advisories security-advisories at freebsd.org
Tue Aug 24 20:53:05 UTC 2021

Hash: SHA512

FreeBSD-SA-21:17.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and FreeBSD 11.4
Corrected:      2021-02-18 23:55:09 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:22 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-02-19 16:21:03 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:34 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-23840, CVE-2021-23841

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
also a general-purpose cryptography library.

II.  Problem Description

This advisory covers two distinct OpenSSL issues:

Calls to EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()
may overflow the output length argument in some cases where the input
length is close to the maximum permissable length for an integer on the
platform.  In such cases the return value from the function call will be
1 (indicating success), but the output length value will be negative.

The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number data
contained within an X509 certificate.  However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed).

III. Impact

The integer overflow in EVP_*Update() could cause applications to behave
incorrectly or crash leading to a potential denial of service attack.

The X509_issuer_and_serial_hash() issue may result in a NULL pointer
dereference and a crash leading to a potential denial of service attack.

IV.  Workaround

No workaround is available.

The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch.asc
# gpg --verify openssl.12.patch.asc

[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch.asc
# gpg --verify openssl.11.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/12/                                                        r369284
releng/12.2/                                                      r370397
stable/11/                                                        r369299
releng/11.4/                                                      r370389
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References



The latest revision of this advisory is available at


More information about the freebsd-announce mailing list