ID

VAR-201406-0137

CVE

CVE-2014-0195

TITLE

OpenSSL of d1_both.c of dtls1_reassemble_fragment Vulnerability in arbitrary code execution in function

DESCRIPTION

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. The following are vulnerable: OpenSSL 0.9.8 prior to 0.9.8za OpenSSL 1.0.0 prior to 1.0.0m OpenSSL 1.0.1 prior to 1.0.1h. OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 857d06ddc6423ad124b23eb760459033 mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm d7436f2f95df5c1d64d44a745f125bd8 mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm 67f6cd6da42f01fb2f6054a2f96872af mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm 5d7c5712c1ce70a2dd2596e803bc7004 mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm 9866e03e1c112b0c4cb5587b142cfa63 mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm 9ac714afa9a9b30419f2f1f5c9ec4e48 mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. CVE-2014-0221 Imre Rad discovered the processing of DTLS hello packets is susceptible to denial of service. Additional information can be found at http://www.openssl.org/news/secadv_20140605.txt For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package debian-goodies to detect affected programs or reboot your system. There's also a forthcoming security update for the Linux kernel later the day (CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it? For the unstable distribution (sid), these problems will be fixed soon. Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE) 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2) 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8) 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15) 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE) 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12) CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. II. [CVE-2014-3470] III. [CVE-2014-3470] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.0] # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc # gpg --verify openssl-10.patch.asc [FreeBSD 9.x and 8.x] # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch # fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc # gpg --verify openssl-9.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart all deamons using the library, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r267103 releng/8.4/ r267104 stable/9/ r267106 releng/9.1/ r267104 releng/9.2/ r267104 stable/10/ r267103 releng/10.0/ r267104 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 ===================================================================== 1. Summary: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: openssl-1.0.1e-16.el6_5.14.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. These vulnerabilities include: * The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5 - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2010-5298 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P) CVE-2014-0076 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) CVE-2014-0195 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-0198 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-0221 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-0224 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2014-3470 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVE-2014-3566 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-0705 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS. LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00 **Notes:** These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary VMware product updates address OpenSSL security vulnerabilities. Problem Description a. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224. CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration. CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below). can be mitigated by using a secure network such as VPN (see Table 2 below). Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network. RECOMMENDATIONS VMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. VMware recommends customers consider applying patches to products listed in Table 2 & 3 as required. Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= ESXi 5.5 ESXi ESXi550- 201406401-SG Big Data Extensions 1.1 patch pending Charge Back Manager 2.6 patch pending Horizon Workspace Server GATEWAY 1.8.1 patch pending Horizon Workspace Server GATEWAY 1.5 patch pending Horizon Workspace Server DATA 1.8.1 patch pending Horizon Mirage Edge Gateway 4.4.2 patch pending Horizon View 5.3.1 patch pending Horizon View Feature Pack 5.3 SP2 patch pending NSX for Multi-Hypervisor 4.1.2 patch pending NSX for Multi-Hypervisor 4.0.3 patch pending NSX for vSphere 6.0.4 patch pending NVP 3.2.2 patch pending vCAC 6.0.1 patch pending vCloud Networking and Security 5.5.2 patch pending vCloud Networking and Security 5.1.2 patch pending vFabric Web Server 5.3.4 patch pending vCHS - DPS-Data Protection 2.0 patch pending Service Table 2 ======== Affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCSA 5.5 patch pending vCSA 5.1 patch pending vCSA 5.0 patch pending ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending Workstation 10.0.2 any patch pending Workstation 9.0.3 any patch pending Fusion 6.x OSX patch pending Fusion 5.x OSX patch pending Player 10.0.2 any patch pending Player 9.0.3 any patch pending Chargeback Manager 2.5.x patch pending Horizon Workspace Client for 1.8.1 OSX patch pending Mac Horizon Workspace Client for 1.5 OSX patch pending Mac Horizon Workspace Client for 1.8.1 Windows patch pending Windows Horizon Workspace Client for 1.5 Windows patch pending OVF Tool 3.5.1 patch pending OVF Tool 3.0.1 patch pending vCenter Operations Manager 5.8.1 patch pending vCenter Support Assistant 5.5.0 patch pending vCenter Support Assistant 5.5.1 patch pending vCD 5.1.2 patch pending vCD 5.1.3 patch pending vCD 5.5.1.1 patch pending vCenter Site Recovery Manager 5.0.3.1 patch pending Table 3 ======= The following table lists all affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network. VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCenter Server 5.5 any patch pending vCenter Server 5.1 any patch pending vCenter Server 5.0 any patch pending Update Manager 5.5 Windows patch pending Update Manager 5.1 Windows patch pending Update Manager 5.0 Windows patch pending Config Manager (VCM) 5.6 patch pending Horizon View Client 5.3.1 patch pending Horizon View Client 4.x patch pending Horizon Workspace 1.8.1 patch pending Horizon Workspace 1.5 patch pending ITBM Standard 1.0.1 patch pending ITBM Standard 1.0 patch pending Studio 2.6.0.0 patch pending Usage Meter 3.3 patch pending vCenter Chargeback Manager 2.6 patch pending vCenter Converter Standalone 5.5 patch pending vCenter Converter Standalone 5.1 patch pending vCD (VCHS) 5.6.2 patch pending vCenter Site Recovery Manager 5.5.1 patch pending vCenter Site Recovery Manager 5.1.1 patch pending vFabric Application Director 5.2.0 patch pending vFabric Application Director 5.0.0 patch pending View Client 5.3.1 patch pending View Client 4.x patch pending VIX API 5.5 patch pending VIX API 1.12 patch pending vMA (Management Assistant) 5.1.0.1 patch pending VMware Data Recovery 2.0.3 patch pending VMware vSphere CLI 5.5 patch pending vSphere Replication 5.5.1 patch pending vSphere Replication 5.6 patch pending vSphere SDK for Perl 5.5 patch pending vSphere Storage Appliance 5.5.1 patch pending vSphere Storage Appliance 5.1.3 patch pending vSphere Support Assistant 5.5.1 patch pending vSphere Support Assistant 5.5.0 patch pending vSphere Virtual Disk 5.5 patch pending Development Kit vSphere Virtual Disk 5.1 patch pending Development Kit vSphere Virtual Disk 5.0 patch pending Development Kit 4. Solution ESXi 5.5 ---------------------------- Download: https://www.vmware.com/patchmgr/download.portal Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359 5. Change Log 2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. Release Date: 2014-07-08 Last Updated: 2014-07-08 Potential Security Impact: Remote code execution, denial of service (DoS), disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Operations Analytics. OpenSSL is a 3rd party product that is embedded with some HP Software products. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. References: CVE-2014-0195 Remote Unauthorized Access CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101630 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Operations Analytics v2.0, v2.1 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following guidline for HP Operations Analytics to resolve these vulnerabilities. Guidline: http://support.openview.hp.com/selfsolve/document/KM01020441 HISTORY Version:1 (rev.1) - 8 July 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The attack can only be performed between a vulnerable client *and* server. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC. The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi. DTLS recursion flaw (CVE-2014-0221) ==================================== By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014. The fix was developed by Stephen Henson of the OpenSSL core team. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI. The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h. This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team. SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) =============================================================================== A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h. This issue was reported in public. OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h. Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014. The fix was developed by Stephen Henson of the OpenSSL core team. Other issues ============ OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g. References ========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt Note: the online version of the advisory may be updated with additional details over time. HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit http://h18013.www1.hp.com/products/servers/management/hpsim/download.html NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE Affected products: \x95 All EMC Documentum Content Server versions of 7.1 prior to P07 \x95 All EMC Documentum Content Server versions of 7.0 \x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16 \x95 All EMC Documentum Content Server versions of 6.7 SP1 \x95 All EMC Documentum Content Server versions prior to 6.7 SP1 Summary: EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities: \x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P) \x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N) \x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N) \x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server For Hotfix, contact EMC Support. Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply

AFFECTED PRODUCTS