Last Updated: 2016-03-01 14:41:23 UTC
by Johannes Ullrich (Version: 1)
As announced last week, an update to the OpenSSL library and tools was released today. The update fixes 6 vulnerabilities and disables weak ciphers in the default build for SSLv3 and higher. SSLv2 is also no longer included in the default build. Also the "req" app used to create certificate signing requests will now create 2048 bit keys by default just like other parts of OpenSSL.
CVE-2016-0799 is probably the only vulnerability with some potential of remote code execution. But its exposure is limited.
CVE-2016-0800: Disable SSLv2 default build, default negotiations, and weak ciphers
This patch will make it less likely that SSLv2 is used. A developer will have to specifically request SSLv2 to be used, and any "version flexible" methods will use SSLv3. SSlv2 40 bit EXPORT ciphers, and 56 bit DES is no longer available as these ciphers can be brute forced easily (for a long time now).
CVE-2016-0705: Fix a double free in DSA Code
If OpenSSL parses corrupt private DSA keys, a memory corruption and denial of service may be triggered. For the most part, private keys are configured by administrators and only in very few cases, an attacker may be able to provide a private key. Exposure of this vulnerability is unlikely.
CVE-2016-0798: Disable SRP fake user seed to address a server memory leak
This patch introduces a new function, SRP_VBASE_get1_by_user which will replace SRP_VBASE_get_by_user. The new function ignores a "fake user" SRP seed that lead to the memory leak.
CVE-2016-0797: Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
If large ammounts of data are passed to BN_hex2nb/BN_dec2bn, then a heap corruption can occur. This function is used to parse configuration data, that tends to be trusted and the bug is unlikely to be exploitable.
CVE-2016-0799: Fix memory issues in BIO_*printf functions
Details about the BIO_*printf function vulnerability were released already, giving attackers a slight head start on this one. However, exploitation is unlikely. Applications could use the function directly and expose it that way. OpenSSL only uses it to print human-readable dumps of ASN.1 data, which tends not to happen in servers (more likely in the command line utilities that are used interactively).
CVE-2016-0702: Fix side channel attack on modular exponentiation
This fixes a problem specific to Intel's Sandy Bridge CPUs. The vulnerability could lead to leaks of private keys if the attacker's code runs on the same CPU core as te SSL code using the key.