openssl-1.0.1e-16.AXS4.14

Errata ID: AXSA:2014-381:03

Release date: Monday, June 9, 2014 - 18:30
Subject: openssl-1.0.1e-16.AXS4.14
Affected Channels:
  Asianux Server 4 for x86_64
  Asianux Server 4 for x86
Severity: High
Description: 

OpenSSL is a toolkit for supporting cryptography. The openssl-devel package contains include files needed to develop applications which support various cryptographic algorithms and protocols.

Security issues fixed with this release:

• CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

• CVE-2014-0195
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

• CVE-2014-0198
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

• CVE-2014-0221
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

• CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

• CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Solution: 

Update packages.
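Two checks a practitioner would run around this update, added here as an example (not Asianux tooling): confirm the installed openssl is at or beyond 1.0.1e-16.AXS4.14 using a simplified rpm-style version comparison, and verify a downloaded RPM against the SHA-256 printed in the Download section. The function names are mine; the live query assumes `rpm` is on the path.

```python
"""Checks for this errata: is the installed openssl at or beyond the fixed
release, and does a downloaded RPM match the SHA-256 listed above? Added example,
not Asianux tooling; rpm_vercmp is simplified (no epoch, '~' or '^' handling)."""
import hashlib
import re
import shutil
import subprocess

FIXED_VR = "1.0.1e-16.AXS4.14"  # version-release of the fixed package (from this advisory)

def rpm_vercmp(a: str, b: str) -> int:
    """rpm-style compare: digit runs numerically, letter runs lexically,
    a digit run outranks a letter run. Returns -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_fixed(installed_vr: str, fixed_vr: str = FIXED_VR) -> bool:
    """True when the installed 'version-release' is >= the fixed one."""
    iv, ir = installed_vr.rsplit("-", 1)
    fv, fr = fixed_vr.rsplit("-", 1)
    c = rpm_vercmp(iv, fv)
    return c > 0 or (c == 0 and rpm_vercmp(ir, fr) >= 0)

def installed_version_release(package: str = "openssl"):
    """'VERSION-RELEASE' of an installed package via rpm; None if rpm is
    unavailable or the package is not installed."""
    if shutil.which("rpm") is None:
        return None
    out = subprocess.run(["rpm", "-q", "--queryformat", "%{VERSION}-%{RELEASE}",
                          package], capture_output=True, text=True)
    return out.stdout.strip() if out.returncode == 0 else None

def sha256_matches(path: str, expected_hex: str) -> bool:
    """Stream the file through SHA-256 and compare with the advisory's value
    (use the SHA-256 line, not MD5, which is no longer collision resistant)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex.strip().lower()
```

Run `is_fixed(installed_version_release())` on the host after `Update packages`, and `sha256_matches(path, value)` on each downloaded RPM before installing it.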

Additional Info: 

N/A

Download: 

SRPMS
  1. openssl-1.0.1e-16.AXS4.14.src.rpm
    MD5: d9ef26fe963cbc7e5d0c9eca3c6c38b4
    SHA-256: aaa2b1c5d51140bad930605c19435fa526803f084d70d66adefd481747c96efb
    Size: 2.98 MB

Asianux Server 4 for x86
  1. openssl-1.0.1e-16.AXS4.14.i686.rpm
    MD5: 0f6b91e7ae5f702143de267d078f7780
    SHA-256: 05fb97bc99546554bd781ce768390aa0a8548853b137c89f04c748c76824799e
    Size: 1.50 MB
  2. openssl-devel-1.0.1e-16.AXS4.14.i686.rpm
    MD5: 528b1af766d2c5f07bc3c90c65d1ca6c
    SHA-256: fece5f2cb8701a158ae3c182ea880e8525524c14cc00fe46b7f5badfaf56ea9c
    Size: 1.16 MB

Asianux Server 4 for x86_64
  1. openssl-1.0.1e-16.AXS4.14.x86_64.rpm
    MD5: 6e538ddb234aad3be96d4fb3d3e547f5
    SHA-256: 44072f6a8c7e2f967b370dae2088f503bbc3835819e0bf3d5bab7815638ce180
    Size: 1.51 MB
  2. openssl-devel-1.0.1e-16.AXS4.14.x86_64.rpm
    MD5: bcc2caf370a1e0afc06bb12b1cac2f13
    SHA-256: 78b2de4bfd13aa8ed7753f163a831230124112a66fd41db64482323b6dd72c66
    Size: 1.16 MB
  3. openssl-1.0.1e-16.AXS4.14.i686.rpm
    MD5: 0f6b91e7ae5f702143de267d078f7780
    SHA-256: 05fb97bc99546554bd781ce768390aa0a8548853b137c89f04c748c76824799e
    Size: 1.50 MB
  4. openssl-devel-1.0.1e-16.AXS4.14.i686.rpm
    MD5: 528b1af766d2c5f07bc3c90c65d1ca6c
    SHA-256: fece5f2cb8701a158ae3c182ea880e8525524c14cc00fe46b7f5badfaf56ea9c
    Size: 1.16 MB