[arch-security] [ASA-201507-12] lib32-openssl: man-in-the-middle
anthraxx at archlinux.org
Mon Jul 13 15:04:53 UTC 2015
Arch Linux Security Advisory ASA-201507-12
Date : 2015-07-13
CVE-ID : CVE-2015-1793
Package : lib32-openssl
Type : man-in-the-middle
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package lib32-openssl before version 1.0.2.d-1 is vulnerable to
Upgrade to 1.0.2.d-1.
# pacman -Syu "lib32-openssl>=1.0.2.d-1"
The problem has been fixed upstream in version 1.0.2.d.
During certificate verification, OpenSSL will attempt to find an
alternative certificate chain if the first attempt to build such a chain
fails. An error in the implementation of this logic can mean that an
attacker could cause certain checks on untrusted certificates to be
bypassed, such as the CA flag, enabling them to use a valid leaf
certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates
including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client
A remote attacker is able to use a valid leaf certificate to act as a CA
and "issue" an invalid certificate that behaves valid to possibly
perform a man-in-the-middle attack.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security