httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47649] New: OpenSSL version is out of date; Upgrade to 0.9.8k
Date Wed, 05 Aug 2009 20:23:52 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47649

           Summary: OpenSSL version is out of date; Upgrade to 0.9.8k
           Product: Apache httpd-2
           Version: 2.2.12
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Win32 MSI Installer
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: business2008@rodneybeede.com


--- Comment #0 from Rodney <business2008@rodneybeede.com> 2009-08-05 13:23:50 PDT ---
OpenSSL bundled with the Win32 installer comes with an out-of-date version of
OpenSSL.

OpenSSL version 0.9.8k should be used, which resolves the following issues:

---------------

OpenSSL versions before 0.9.8k are affected by multiple vulnerabilities:

ASN1 printing crash (CVE-2009-0590). The ASN1_STRING_print_ex function in
affected versions of OpenSSL could allow remote attackers to cause a denial of
service (invalid memory access and application crash) via vectors that trigger
printing of a BMPString or UniversalString with an invalid length.

Incorrect Error Checking During CMS verification (CVE-2009-0591). When CMS is
enabled, the CMS_verify function does not properly handle errors associated
with malformed signed attributes. This could allow remote attackers to
repudiate a signature that originally appeared to be valid but was actually
invalid.

Invalid ASN1 clearing check (CVE-2009-0789). On WIN64 and certain other
platforms affected versions of OpenSSL do not properly handle a malformed ASN.1
structure. This could allow remote attackers to cause a denial of service
(invalid memory access and application crash) by placing this structure in the
public key of a certificate, as demonstrated by an RSA public key.

--------------

Multiple OpenSSL DTLS Denial of Service Vulnerabilities

The dtls1_buffer_record function in OpenSSL 0.9.8k and earlier could allow
remote attackers to cause a denial of service (memory consumption) via a large
series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS
record buffer limitation bug". (CVE-2009-1377)

OpenSSL 0.9.8 up to and including 0.9.8k could allow remote attackers to cause
a denial of service (memory consumption) via DTLS records that are duplicates,
or have sequence numbers much greater than current sequence numbers (DTLS
fragment handling memory leak). (CVE-2009-1378)

OpenSSL 1.0.0 Beta2 contains a use-after-free vulnerability in the
dtls1_retrieve_fragment function. This could allow remote attackers to cause a
denial of service (openssl s_client crash) and possibly have unspecified other
impact via a DTLS packet, as demonstrated by a packet from a server that uses a
crafted server certificate. (CVE-2009-1379)

The dtls1_retrieve_buffered_fragment function in OpenSSL before 1.0.0 beta2
could allow remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an out-of-sequence DTLS handshake message,
related to a "fragment bug". (CVE-2009-1387)

---------------

OpenSSL DSA/ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability

OpenSSL before 0.9.8j does not properly check the return value from the
EVP_VerifyFinal function. This could allow remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature for DSA
and ECDSA keys.

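To check a bundled OpenSSL build against the version ranges quoted in the report above, the following added example (not part of the bug report, and not Apache or OpenSSL code) parses legacy OpenSSL version strings and lists which of the report's entries match. The function names `parse` and `affected` are assumptions made for this sketch, and the ranges are encoded exactly as the report words them.

```python
import re

# Legacy OpenSSL version strings: "0.9.8", "0.9.8k", "0.9.8za", "1.0.0-beta2", "1.0.0 Beta2".
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[- ]?beta(\d+)|([a-z]{1,2}))?$", re.I)

def parse(version):
    """Return a sortable key: betas sort before the release, letter patches after it."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):                                  # pre-release such as 1.0.0-beta2
        return (major, minor, fix, 0, int(m.group(4)))
    letters = (m.group(5) or "").lower()
    # "a" -> 1 ... "z" -> 26, "za" -> 27; no letter -> 0 (the base release)
    patch = 26 * (len(letters) - 1) + ord(letters[-1]) - 96 if letters else 0
    return (major, minor, fix, 1, patch)

K = parse
# Ranges as worded in the report. A version match is necessary, not sufficient:
# CVE-2009-0591 also requires CMS to be enabled, CVE-2009-0789 is platform-specific,
# and the CVE-2009-13xx entries concern DTLS.
ADVISORIES = [
    ("CVE-2009-0590", lambda v: v < K("0.9.8k")),
    ("CVE-2009-0591", lambda v: v < K("0.9.8k")),
    ("CVE-2009-0789", lambda v: v < K("0.9.8k")),
    ("CVE-2009-1377", lambda v: v <= K("0.9.8k")),
    ("CVE-2009-1378", lambda v: K("0.9.8") <= v <= K("0.9.8k")),
    ("CVE-2009-1379", lambda v: v == K("1.0.0-beta2")),
    ("CVE-2009-1387", lambda v: v < K("1.0.0-beta2")),
    ("EVP_VerifyFinal return-value check", lambda v: v < K("0.9.8j")),
]

def affected(version):
    """List the report's entries whose stated range contains this version."""
    v = parse(version)
    return [label for label, hit in ADVISORIES if hit(v)]

if __name__ == "__main__":
    for ver in ("0.9.8i", "0.9.8k", "1.0.0-beta2"):  # constructed sample inputs
        print(ver, "->", ", ".join(affected(ver)) or "none listed")
```

Going by the ranges as quoted, 0.9.8k clears the first group and the EVP_VerifyFinal entry but still falls inside three of the DTLS ranges.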

