Arch Linux Security Advisory ASA-201603-2 ========================================= Severity: High Date : 2016-03-07 CVE-ID : CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 Package : openssl Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package openssl before version 1.0.2.g-3 is vulnerable to multiple issues including but not limited to private key extraction, denial of service, arbitrary code execution, resource consumption and cross-protocol attacks leading to cipher text decryption. Resolution ========== Upgrade to 1.0.2.g-3. # pacman -Syu "openssl>=1.0.2.g-3" The problems have been fixed upstream in version 1.0.2.g-3. Workaround ========== None. Description =========== - CVE-2016-0702 (private key extraction) A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. - CVE-2016-0705 (denial of service) A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. - CVE-2016-0797 (arbitrary code execution) An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. - CVE-2016-0798 (resource consumption) A memory leak flaw was found in the way OpenSSL performed SRP user database look-ups using the SRP_VBASE_get_by_user() function. A remote attacker connecting to certain SRP servers with an invalid user name could leak approximately 300 bytes of the server's memory per connection. - CVE-2016-0799 (denial of service) The fmtstr function in crypto/bio/b_print.c improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. - CVE-2016-0800 (cross-protocol attack) A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. Impact ====== A remote attacker is able to use multiple issues to perform a denial of service attack, trigger a memory leak resulting in resource consumption, use a cross-protocol attack that is leading to cipher text decryption or possibly execute arbitrary code under certain circumstances. Furthermore a local attacker may be able to extract the RSA private key by running code in a thread that is running on the same hyper-threaded core as the victim's thread that is performing decryption. References ========== https://www.openssl.org/news/secadv/20160301.txt https://access.redhat.com/security/cve/CVE-2016-0702 https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2016-0797 https://access.redhat.com/security/cve/CVE-2016-0798 https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-0800