[Buildroot] [PATCH] package/libopenssl: security bump to version 1.1.1j

Peter Korsgaard peter at korsgaard.com
Wed Feb 17 16:23:02 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2021-23841: Null pointer deref in X509_issuer_and_serial_hash()

 >   The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
 >   create a unique hash value based on the issuer and serial number data
 >   contained within an X509 certificate.  However it fails to correctly
 >   handle any errors that may occur while parsing the issuer field (which
 >   might occur if the issuer field is maliciously constructed).  This may
 >   subsequently result in a NULL pointer deref and a crash leading to a
 >   potential denial of service attack.

 >   The function X509_issuer_and_serial_hash() is never directly called by
 >   OpenSSL itself so applications are only vulnerable if they use this
 >   function directly and they use it on certificates that may have been
 >   obtained from untrusted sources.

 > - CVE-2021-23839: Incorrect SSLv2 rollback protection

 >   OpenSSL 1.0.2 supports SSLv2.  If a client attempts to negotiate SSLv2
 >   with a server that is configured to support both SSLv2 and more recent SSL
 >   and TLS versions then a check is made for a version rollback attack when
 >   unpadding an RSA signature.  Clients that support SSL or TLS versions
 >   greater than SSLv2 are supposed to use a special form of padding.  A
 >   server that supports greater than SSLv2 is supposed to reject connection
 >   attempts from a client where this special form of padding is present,
 >   because this indicates that a version rollback has occurred (i.e.  both
 >   client and server support greater than SSLv2, and yet this is the version
 >   that is being requested).

 >   The implementation of this padding check inverted the logic so that the
 >   connection attempt is accepted if the padding is present, and rejected if
 >   it is absent.  This means that such as server will accept a connection if
 >   a version rollback attack has occurred.  Further the server will
 >   erroneously reject a connection if a normal SSLv2 connection attempt is
 >   made.

 >   OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable
 >   to this issue.  The underlying error is in the implementation of the
 >   RSA_padding_check_SSLv23() function.  This also affects the
 >   RSA_SSLV23_PADDING padding mode used by various other functions.  Although
 >   1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still
 >   exists, as does the RSA_SSLV23_PADDING padding mode.  Applications that
 >   directly call that function or use that padding mode will encounter this
 >   issue.  However since there is no support for the SSLv2 protocol in 1.1.1
 >   this is considered a bug and not a security issue in that version.

 > - CVE-2021-23840: Integer overflow in CipherUpdate

 >   Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may
 >   overflow the output length argument in some cases where the input length
 >   is close to the maximum permissable length for an integer on the platform.
 >   In such cases the return value from the function call will be 1
 >   (indicating success), but the output length value will be negative.  This
 >   could cause applications to behave incorrectly or crash.

 > For more details, see the advisory:
 > https://www.openssl.org/news/secadv/20210216.txt

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
 > ---
 >  package/libopenssl/libopenssl.hash | 4 ++--
 >  package/libopenssl/libopenssl.mk   | 2 +-
 >  2 files changed, 3 insertions(+), 3 deletions(-)

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list