ALAS-2014-391


Amazon Linux AMI Security Advisory: ALAS-2014-391
Advisory Release Date: 2014-09-19 11:59 Pacific
Severity: Medium

Issue Overview:

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.

A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions.

A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled.

It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.


Affected Packages:

openssl


Issue Correction:
Run yum update openssl to update your system.

New Packages:
i686:
    openssl-devel-1.0.1i-1.78.amzn1.i686
    openssl-debuginfo-1.0.1i-1.78.amzn1.i686
    openssl-perl-1.0.1i-1.78.amzn1.i686
    openssl-1.0.1i-1.78.amzn1.i686
    openssl-static-1.0.1i-1.78.amzn1.i686

src:
    openssl-1.0.1i-1.78.amzn1.src

x86_64:
    openssl-static-1.0.1i-1.78.amzn1.x86_64
    openssl-debuginfo-1.0.1i-1.78.amzn1.x86_64
    openssl-devel-1.0.1i-1.78.amzn1.x86_64
    openssl-1.0.1i-1.78.amzn1.x86_64
    openssl-perl-1.0.1i-1.78.amzn1.x86_64