FreeBSD Security Advisories
2021-Aug-24 20:53 UTC
FreeBSD Security Advisory FreeBSD-SA-21:17.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================FreeBSD-SA-21:17.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2021-08-24 Affects: FreeBSD 12.2 and FreeBSD 11.4 Corrected: 2021-02-18 23:55:09 UTC (stable/12, 12.2-STABLE) 2021-08-24 18:32:22 UTC (releng/12.2, 12.2-RELEASE-p10) 2021-02-19 16:21:03 UTC (stable/11, 11.4-STABLE) 2021-08-24 18:31:34 UTC (releng/11.4, 11.4-RELEASE-p13) CVE Name: CVE-2021-23840, CVE-2021-23841 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit for the Transport Layer Security (TLS) protocol. It is also a general-purpose cryptography library. II. Problem Description This advisory covers two distinct OpenSSL issues: Calls to EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate() may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. [CVE-2021-23840] The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). [CVE-2021-23841] III. Impact The integer overflow in EVP_*Update() could cause applications to behave incorrectly or crash leading to a potential denial of service attack. The X509_issuer_and_serial_hash() issue may result in a NULL pointer dereference and a crash leading to a potential denial of service attack. IV. Workaround No workaround is available. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 12.2] # fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch # fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch.asc # gpg --verify openssl.12.patch.asc [FreeBSD 11.4] # fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch # fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch.asc # gpg --verify openssl.11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/12/ r369284 releng/12.2/ r370397 stable/11/ r369299 releng/11.4/ r370389 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://www.openssl.org/news/secadv/20210216.txt> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:17.openssl.asc> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n 5cIngA/9Hncs91cNHSVTuvNvrATmpxpnCyiphivR297oiDKRCOoHxA7W8AAigSQH gNM8XGZ8aANmoGfh7M86V5Dvlq0qeRn0Pe8cEus53OumEqpbSkMu97ftv7gFkM/S +uEEoNA+pK/lrupQQ7gAHwWbzaNumJwGXpH/FLh865TjngvI2hFW41TfMxHQvymf tAIzRdg/QYASnXTXBn56ad0i34v+/Z4Cz6XFJ4bBkqPJpiCvzJPWB37CSxw1D6YM 4w5yBhu7db1VJKLP89/YnRnsB4ryOE5cCGtg086pa2DdacB63XTEgc/m90UtfHYl Dk6LVr79SqFPDRukNCTBozcwkHr8aKSg1eR4o2vV3yfq5OUhHmCA9FXstyxXPYe+ DjtSG8X9m/XKiz4Eok2EIv3PwBT29M3lVnKG20kvpxoguOUTg4VLtyyDIZxKmNpY XC3OAmUViDS9iEA8uqKjUEt5YEsNvs6qIKasZHdznST04nuEimIiMUOD57odwL7M rAeJu4GBPHJqNQsfFPRddjrVimnUtGHFDW5r4JtqPP5sZZCIBplWuMzay875EYCL amYGuewZhsacUSgUktsFPrM9z8rd24k86IPn3PEIwsVbubDDz40Q1/v1McgquZ0n boUnhYSRG5qVgOItsikahk1OpQMQhsXDRo6RotGdl90pqdngNjQ=T3/+ -----END PGP SIGNATURE-----