FreeBSD Security Advisory FreeBSD-SA-14:09.openssl
Lukasz
lukasz at chroot.pl
Wed Apr 30 12:58:56 UTC 2014
Hi!
Is there something missing in this SA?
2)
"b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>."
Regards.
On 04/30/2014 06:35 AM, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-14:09.openssl Security Advisory
> The FreeBSD Project
>
> Topic: OpenSSL use-after-free vulnerability
>
> Category: contrib
> Module: openssl
> Announced: 2014-04-30
> Affects: FreeBSD 10.x.
> Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
> 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
> CVE Name: CVE-2010-5298
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
> a collaborative effort to develop a robust, commercial-grade, full-featured
> Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
> and Transport Layer Security (TLS v1) protocols as well as a full-strength
> general purpose cryptography library.
>
> OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which
> requests the library to release the memory it holds when a read or write buffer
> is no longer needed for the context.
>
> II. Problem Description
>
> The buffer may be released before the library have finished using it. It is
> possible that a different SSL connection in the same process would use the
> released buffer and write data into it.
>
> III. Impact
>
> An attacker may be able to inject data to a different connection that they
> should not be able to.
>
> IV. Workaround
>
> No workaround is available, but systems that do not use OpenSSL to implement
> the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
> protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process
> to handle multiple SSL connections, are not vulnerable.
>
> The FreeBSD base system service daemons and utilities do not use the
> SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this
> mode to reduce their memory footprint and may therefore be affected by this
> issue.
>
> V. Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> 2) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch
> # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc
> # gpg --verify openssl.patch.asc
>
> Restart all deamons using the library, or reboot the system.
>
> 3) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> VI. Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path Revision
> -------------------------------------------------------------------------
> stable/10/ r265122
> releng/10.0/ r265124
> -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>
> VII. References
>
> <URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig>
>
> <URL:https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest>
>
> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>
>
> The latest revision of this advisory is available at
> <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:09.openssl.asc>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list