Update OpenSSL from 1.1.1s to 1.1.1t #2901
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Change-log](https://www.openssl.org/news/cl111.txt): > Changes between 1.1.1s and 1.1.1t [7 Feb 2023] > > *) Fixed X.400 address type confusion in X.509 GeneralName. > > There is a type confusion vulnerability relating to X.400 address processing > inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING > but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This > vulnerability may allow an attacker who can provide a certificate chain and > CRL (neither of which need have a valid signature) to pass arbitrary > pointers to a memcmp call, creating a possible read primitive, subject to > some constraints. Refer to the advisory for more information. Thanks to > David Benjamin for discovering this issue. (CVE-2023-0286) > > This issue has been fixed by changing the public header file definition of > GENERAL_NAME so that x400Address reflects the implementation. It was not > possible for any existing application to successfully use the existing > definition; however, if any application references the x400Address field > (e.g. in dead code), note that the type of this field has changed. There is > no ABI change. > [Hugo Landau] > > *) Fixed Use-after-free following BIO_new_NDEF. > > The public API function BIO_new_NDEF is a helper function used for > streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL > to support the SMIME, CMS and PKCS7 streaming capabilities, but may also > be called directly by end user applications. > > The function receives a BIO from the caller, prepends a new BIO_f_asn1 > filter BIO onto the front of it to form a BIO chain, and then returns > the new head of the BIO chain to the caller. Under certain conditions, > for example if a CMS recipient public key is invalid, the new filter BIO > is freed and the function returns a NULL result indicating a failure. > However, in this case, the BIO chain is not properly cleaned up and the > BIO passed by the caller still retains internal pointers to the previously > freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO > then a use-after-free will occur. This will most likely result in a crash. > (CVE-2023-0215) > [Viktor Dukhovni, Matt Caswell] > > *) Fixed Double free after calling PEM_read_bio_ex. > > The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and > decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload > data. If the function succeeds then the "name_out", "header" and "data" > arguments are populated with pointers to buffers containing the relevant > decoded data. The caller is responsible for freeing those buffers. It is > possible to construct a PEM file that results in 0 bytes of payload data. > In this case PEM_read_bio_ex() will return a failure code but will populate > the header argument with a pointer to a buffer that has already been freed. > If the caller also frees this buffer then a double free will occur. This > will most likely lead to a crash. > > The functions PEM_read_bio() and PEM_read() are simple wrappers around > PEM_read_bio_ex() and therefore these functions are also directly affected. > > These functions are also called indirectly by a number of other OpenSSL > functions including PEM_X509_INFO_read_bio_ex() and > SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL > internal uses of these functions are not vulnerable because the caller does > not free the header argument if PEM_read_bio_ex() returns a failure code. > (CVE-2022-4450) > [Kurt Roeckx, Matt Caswell] > > *) Fixed Timing Oracle in RSA Decryption. > > A timing based side channel exists in the OpenSSL RSA Decryption > implementation which could be sufficient to recover a plaintext across > a network in a Bleichenbacher style attack. To achieve a successful > decryption an attacker would have to be able to send a very large number > of trial messages for decryption. The vulnerability affects all RSA padding > modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. > (CVE-2022-4304) > [Dmitry Belyavsky, Hubert Kario]
|
1.1.1.u ETA 30.5. |
Sign in
to join this conversation on GitHub.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tested on invidia: