VARIoT IoT vulnerabilities database
| VAR-201406-0213 | CVE-2014-4003 | SAP System Landscape Directory Unauthorized Access Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. SAP is the world's leading provider of enterprise management software solutions. SAP System Landscape Directory is prone to an unauthorized-access vulnerability.
Successful exploits will allow attackers to gain unauthorized access and modify sensitive information, which may aid in further attacks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2014-020: SAP SLD Information Tampering
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
might be able to
modify technical information about the SAP systems potentially leading
to a full compromise of all business information.
Risk Level: High
2. Advisory Information
=======================
- -- Public Release Date: 2014-06-06
- -- Subscriber Notification Date: 2014-06-06
- -- Last Revised: 2014-06-06
- -- Security Advisory ID: ONAPSIS-2014-020
- -- Onapsis SVS ID: ONAPSIS-SVS00081
- -- Researchers: Jordan Santarsieri, Pablo Muller, Juan Perez-Etchegoyen
- -- Initial Base CVSS v2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
3. Vulnerability Information
============================
- -- Vendor: SAP
- -- Affected Components:
* SAP System Landscape Directory (available in all SAP JAVA App Servers)
(Check SAP Note 1939334 for detailed information on affected releases)
- -- Vulnerability Class: Improper Handling of Insufficient Permissions
or Privileges (CWE-280)
- -- Remotely Exploitable: Yes
- -- Locally Exploitable: No
- -- Authentication Required: No
- -- Original Advisory:
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-020
4.
5.
Technical details about this issue are not disclosed at this moment with
the purpose of
providing enough time to affected customers to patch their systems and
protect against
the exploitation of the described vulnerability.
6. Solution
===========
SAP has released SAP Note 1939334 which provide patched versions of the
affected components.
The patches can be downloaded from
https://service.sap.com/sap/support/notes/1939334.
Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected
components in order to reduce business risks.
7.
2014-02-11: SAP releases security patches.
2014-05-30: Onapsis notifies availability of security advisory to
security mailing lists.
About Onapsis, Inc.
===================
Onapsis provides innovative security software solutions to protect ERP
systems from cyber-attacks. Through unmatched ERP security, compliance
and continuous monitoring products, Onapsis secures the
business-critical infrastructure of its global customers against
espionage, sabotage and financial fraud threats.
Onapsis X1, the company's flagship product, is the industry's first
comprehensive solution for the automated security assessment of SAP
platforms. Being the first and only SAP-certified solution of its kind,
Onapsis X1 allows customers to perform automated Vulnerability
Assessments, Security & Compliance Audits and Penetration Tests over
their entire SAP platform.
Onapsis is backed by the Onapsis Research Labs, a world-renowned team of
SAP & ERP security experts who are continuously invited to lecture at
the leading IT security conferences, such as RSA and BlackHat, and
featured by mainstream media such as CNN, Reuters, IDG and New York Times.
For further information about our solutions, please contact us at
info@onapsis.com and visit our website at www.onapsis.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Onapsis Research Team
iEYEARECAAYFAlOR3fUACgkQz3i6WNVBcDWrjwCdFC60a5sqq2hol1xAYYt0NczH
fZwAn0St6TPuqLg210wpu2LM+bTDNY2S
=2YwW
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
| VAR-201406-0220 | CVE-2014-4010 | SAP Transaction Data Pool Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0222 | CVE-2014-4012 | SAP Open Hub Service Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0216 | CVE-2014-4006 | SAP Trader's and Scheduler's Workbench for Oil & Gas Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0215 | CVE-2014-4005 | SAP Brazil add-on Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0221 | CVE-2014-4011 | SAP Capacity Leveling Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0218 | CVE-2014-4008 | SAP Web Services Tool Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0214 | CVE-2014-4004 | SAP Project System Vulnerabilities in which access rights are acquired |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0217 | CVE-2014-4007 | SAP Upgrade tools for ABAP Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0219 | CVE-2014-4009 | SAP CCMS Monitoring Vulnerabilities that gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected application
| VAR-201406-0301 | CVE-2014-3278 | Cisco Unified Communications Domain Manager of VOSS of Web Account enumeration vulnerability in the framework |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. Vendors have confirmed this vulnerability Bug ID CSCun39619 and CSCun45572 It is released as.Unspecified by a third party BVSMWeb Web Accessing the page may enumerate your account.
An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks.
This issue being tracked by Cisco Bug IDs CSCun39619, CSCun45572. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
| VAR-201406-0166 | CVE-2014-4190 | Huawei Campus Heap-Based Buffer Overflow Vulnerability in Series Switch Software |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. Huawei Campus Series Switches is China's Huawei series of Campus switches. A heap buffer overflow vulnerability exists in Huawei Campus Series Switches. The program failed to restrict access to heap memory. An attacker could exploit the vulnerability to cause a denial of service. The Huawei Campus family router has a boundary error when processing certain length fields in the packet. Because the packet is overflowed by sending a specially crafted packet, the affected device is restarted
| VAR-201411-0111 | CVE-2014-8950 | Check Point Security Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. It provides security functions such as unified security policies, URL filtering, and anti-virus.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions
| VAR-201411-0130 | CVE-2014-8951 | Check Point Security Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Check Point Security Gateways is a security gateway device from CheckPoint. There are multiple denial of service vulnerabilities in Check Point Security Gateways: 1. There are multiple related services, such as PS blade, IPsec Remote Access, Mobile Access / SSL VPN blade, SSL Network Extender, Identify Awareness blade, HTTPS Inspection, UserCheck, and Data. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. 4, related URL Filtering or Identity Awareness has a security vulnerability, an attacker can exploit the vulnerability to crash the system. It provides security functions such as unified security policies, URL filtering, and anti-virus.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions
| VAR-201411-0131 | CVE-2014-8952 | Check Point Security Gateway Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition.". Check Point Security Gateway If the following modules are enabled, service disruption (" Stability issue ") There are vulnerabilities that are put into a state. Errors can cause system instability. 2, the relevant URL Filtering blade and Application Control blade have errors, which can cause the system to hang. 3. There is an error in redirecting to the UserChec page, which can cause the system to crash. 4, related URL Filtering or Identity Awareness has a security vulnerability, an attacker can exploit the vulnerability to crash the system. It provides security functions such as unified security policies, URL filtering, and anti-virus.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions
| VAR-201406-0445 | CVE-2014-0224 |
OpenSSL is vulnerable to a man-in-the-middle attack
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is vulnerable to a man-in-the-middle attack.
Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.
HP Integrity SD2 CB900s i2 and i4 Server firmware bundle versions prior to
3.7.98.
Note: For versions not listed, please contact support:
Note: ServiceCenter 6.2 is impacted only if using the Directory Services
integration feature with the SC LDAP over SSL (LDAPS) protocol. If this
feature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to
Service Manager 7.11, 9.21, or 9.34, and then apply the patches listed below.
Patch Version
Package Name / SSO URL
SM711P22
AIX Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00614
HP Itanium Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00615
HP parisc Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00616
Linux x86 Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00617
Solaris Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00618
Windows Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00619
SM921P9
AIX server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00621
HPUX/IA server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00622
HPUX/PA server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00623
Linux server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00624
Solaris server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00625
Windows server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00626
SM934P2
AIX Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00605
HP Itanium Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00606
Linux Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00607
Solaris Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00608
Windows Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00609
HISTORY
Version:1 (rev.1) - 22 January 2015 Initial release
Version:2 (rev.2) - 23 January 2015 added note for versions not listed in
table.
HP Command View for Tape Libraries (CVTL) v3.8.00
The update can be found at the following location:
1. Go to http://www.hp.com/support/cvtl
2. Select HP Command View for Tape Libraries Software
3. Select Software updates & Licensing
4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201407-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: July 27, 2014
Bugs: #512506
ID: 201407-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSL, possibly allowing
remote attackers to execute arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1h-r1 *>= 0.9.8z_p5
*>= 0.9.8z_p4
*>= 0.9.8z_p1
*>= 0.9.8z_p3
*>= 0.9.8z_p2
*>= 1.0.0m
>= 1.0.1h-r1
Description
===========
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers
referenced below for details.
Impact
======
A remote attacker could send specially crafted DTLS fragments to an
OpenSSL DTLS client or server to possibly execute arbitrary code with
the privileges of the process using OpenSSL.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
==========
[ 1 ] CVE-2010-5298
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298
[ 2 ] CVE-2014-0195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195
[ 3 ] CVE-2014-0198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198
[ 4 ] CVE-2014-0221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221
[ 5 ] CVE-2014-0224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224
[ 6 ] CVE-2014-3470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470
[ 7 ] OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
References: CVE-2014-0224, SSRT101637
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The bulletin does not apply to any other 3rd party application
(e.g. operating system, web server, or application server) that may be
required to be installed by the customer according instructions in the
product install guide. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04363613
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04363613
Version: 1
HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS,
Remote Code Execution, Denial of Service (DoS), Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-07-08
Last Updated: 2014-07-08
Potential Security Impact: Remote code execution, denial of service (DoS),
disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations
Analytics. The vulnerability could be exploited to allow remote code
execution, denial of service (DoS) and disclosure of information. OpenSSL
is a 3rd party product that is embedded with some HP Software products. This
bulletin notifies HP Software customers about products affected by the
OpenSSL vulnerabilities
Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL
product cryptographic software library product. The impacted products
appear in the list below are vulnerable due to embedding of OpenSSL standard
release software.
References:
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0221 Remote Denial of Service (DoS)
CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101630
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Operations Analytics v2.0, v2.1
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following guidline for HP Operations Analytics to resolve
these vulnerabilities.
Guidline: http://support.openview.hp.com/selfsolve/document/KM01020441
HISTORY
Version:1 (rev.1) - 8 July 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
Advisory ID: RHSA-2014:0630-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0630.html
Issue date: 2014-06-05
CVE Names: CVE-2014-0224
=====================================================================
1. Summary:
An update for Red Hat JBoss Enterprise Application Platform 5.2.0 that
fixes one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications, which integrates the JBoss Application Server with JBoss
Hibernate and JBoss Seam.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. Red Hat JBoss Enterprise Application Platform includes OpenSSL
0.9.8e, so this flaw is only exploitable when OpenSSL in JBoss EAP is used
as a client, communicating with a vulnerable server running OpenSSL version
1.0.1 and above. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.
All users of Red Hat JBoss Enterprise Application Platform 5.2.0 as
provided from the Red Hat Customer Portal are advised to apply this update.
The JBoss server process must be restarted for this update to take effect.
3. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying this update, back up your
existing Red Hat JBoss Enterprise Application Platform installation and
deployed applications (including all applications and configuration files).
4. References:
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/906533
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkIb/XlSAg2UNWIIRAkOCAJ9XqUMKtoK0p+zJjK2zMsXIBHPwDwCfdkox
AN/OXHh6dPJ4n0ttLhaJtiA=
=A3Sq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201406-0137 | CVE-2014-0195 |
OpenSSL DTLS Fragment Out-Of-Bounds Write Remote Code Execution Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL.
The following are vulnerable:
OpenSSL 0.9.8 prior to 0.9.8za
OpenSSL 1.0.0 prior to 1.0.0m
OpenSSL 1.0.1 prior to 1.0.1h.
Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)
2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)
2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)
2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)
2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)
2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)
CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>. Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3470]
III. [CVE-2014-3470]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc
[FreeBSD 9.x and 8.x]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc
# gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r267103
releng/8.4/ r267104
stable/9/ r267106
releng/9.1/ r267104
releng/9.2/ r267104
stable/10/ r267103
releng/10.0/ r267104
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. 7) - x86_64
3.
The attack can only be performed between a vulnerable client *and*
server.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue. This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
====================================
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This
issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by
Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
============
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger. This issue was previously
fixed in OpenSSL 1.0.1g.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional
details over time. The
updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046
Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release
HP-UX OpenSSL version
B.11.11 (11i v1)
A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)
A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openssl security update
Advisory ID: RHSA-2014:0625-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html
Issue date: 2014-06-05
CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198
CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free
1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-1.0.1e-16.el6_5.14.ppc.rpm
openssl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-1.0.1e-16.el6_5.14.s390.rpm
openssl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB
pJJhdOUzRUL8R2haDM4xrsk=
=hZF8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz
a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz
d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz
dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz
35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz
48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz
8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz
cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz
18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz
6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz
ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Slackware -current packages:
db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz
0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz
Slackware x86_64 -current packages:
d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz
95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
CVE-2014-0221
Imre Rad discovered the processing of DTLS hello packets is
susceptible to denial of service.
Additional information can be found at
http://www.openssl.org/news/secadv_20140605.txt
For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package
debian-goodies to detect affected programs or reboot your system. There's
also a forthcoming security update for the Linux kernel later the day
(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?
For the unstable distribution (sid), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update
2014-004
OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:
apache_mod_php
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vulnerabilities in PHP 5.4.24
Description: Multiple vulnerabilities existed in PHP 5.4.24, the
most serious of which may have led to arbitrary code execution. This
update addresses the issues by updating PHP to version 5.4.30
CVE-ID
CVE-2013-7345
CVE-2014-0185
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049
Bluetooth
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of a
Bluetooth API call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Foundation
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: Compiling untrusted GLSL shaders may lead to an unexpected
application termination or arbitrary code execution
Description: A user-space buffer overflow existed in the shader
compiler. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4393 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple validation issues existed in some integrated
graphics driver routines. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2014-4394 : Ian Beer of Google Project Zero
CVE-2014-4395 : Ian Beer of Google Project Zero
CVE-2014-4396 : Ian Beer of Google Project Zero
CVE-2014-4397 : Ian Beer of Google Project Zero
CVE-2014-4398 : Ian Beer of Google Project Zero
CVE-2014-4399 : Ian Beer of Google Project Zero
CVE-2014-4400 : Ian Beer of Google Project Zero
CVE-2014-4401 : Ian Beer of Google Project Zero
CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through improved
validation of IOKit API arguments.
CVE-ID
CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An out-of-bounds read issue existed in the handling of
an IOAcceleratorFamily function. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A local user can infer kernel addresses and bypass kernel
address space layout randomization
Description: In some cases, the CPU Global Descriptor Table was
allocated at a predictable address. This issue was addressed through
always allocating the Global Descriptor Table at random addresses.
CVE-ID
CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one
that may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y.
CVE-ID
CVE-2014-0076
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
RLE encoded movie files. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom
Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Playing a maliciously crafted MIDI file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of MIDI
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative
QT Media Foundation
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
the 'mvhd' atoms. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative
ruby
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A heap buffer overflow existed in LibYAML's handling of
percent-encoded characters in a URI. This issue was addressed through
improved bounds checking. This update addresses the issues by
updating LibYAML to version 0.1.6
CVE-ID
CVE-2014-2525
Note: OS X Mavericks 10.9.5 includes the security content of
Safari 7.0.6: http://support.apple.com/kb/HT6367
OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+
Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh
CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V
sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1
hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ
Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw
ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW
5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA
3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl
QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP
kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf
k4w2RKNm0Fv+kdNoFAnd
=gpVc
-----END PGP SIGNATURE-----
.
HP System Management Homepage versions 7.3.2 and earlier for Linux and
Windows.
HP IceWall SSO Dfw and MCRP
If possible, do not use SHOST setting which allows IceWall SSO Dfw or MCRP to
use SSL/TLS for back-end web server connection.
HP IceWall SSO Dfw Certd
If possible, set LDAPSSL to 0 to make HP SSO IceWall Certd to not use SSL/TLS
on any connection with LDAP server.
Note: The HP IceWall product is only available in Japan. ============================================================================
Ubuntu Security Notice USN-2232-4
August 18, 2014
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL. One of the patch backports for
Ubuntu 10.04 LTS caused a regression for certain applications. This update
fixes the problem.
We apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions.
(CVE-2014-0224)
Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled
anonymous ECDH ciphersuites. This issue only
affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.
(CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.21
After a standard system update you need to reboot your computer to make all
the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04368523
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04368523
Version: 1
HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL
Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-07-09
Last Updated: 2014-07-09
Potential Security Impact: Remote denial of service (DoS), code execution,
unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Software
Operation Orchestration.
OpenSSL is a 3rd party product that is embedded with some HP Software
products. This bulletin notifies HP Software customers about products
affected by the OpenSSL vulnerabilities
References:
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0221 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101635
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Software Operation Orchestration, v9.X
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0221 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following guideline for HP Operations Orchestration to
resolve these vulnerabilities.
Guidelines and Patches can be downloaded from HP Software Support Online:
http://support.openview.hp.com/selfsolve/document/LID/OO_00030
Bulletin Applicability: This security bulletin applies to each OpenSSL
component that is embedded within the HP products listed in the security
bulletin. The bulletin does not apply to any other 3rd party application
(e.g. operating system, web server, or application server) that may be
required to be installed by the customer according instructions in the
product install guide.
HISTORY
Version:1 (rev.1) - 9 July 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners
| VAR-201406-0117 | CVE-2014-3470 | OpenSSL CVE-2014-3470 Denial of Service Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. OpenSSL is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
OpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:062
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openssl
Date : March 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows
remote attackers to inject data across sessions or cause a denial of
service (use-after-free and parsing error) via an SSL connection in
a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before
1.0.1g do not properly handle Heartbeat Extension packets, which allows
remote attackers to obtain sensitive information from process memory
via crafted packets that trigger a buffer over-read, as demonstrated
by reading private keys, related to d1_both.c and t1_lib.c, aka the
Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue
became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before
1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square
of a BIGNUM value, which might make it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors,
related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and
crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger
a loss of forward secrecy by omitting the ServerKeyExchange message
(CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
does not enforce certain constraints on certificate data, which allows
remote attackers to defeat a fingerprint-based certificate-blacklist
protection mechanism by including crafted data within a
certificate's unsigned portion, related to crypto/asn1/a_verify.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c
(CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role, related to the FREAK issue. NOTE: the scope of
this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before
1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a
Diffie-Hellman (DH) certificate without requiring a CertificateVerify
message, which allows remote attackers to obtain access without
knowledge of a private key via crafted TLS Handshake Protocol traffic
to a server that recognizes a Certification Authority with DH support
(CVE-2015-0205).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL
before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2
before 1.0.2a does not reinitialize CHOICE and ADB data structures,
which might allow attackers to cause a denial of service (invalid
write operation and memory corruption) by leveraging an application
that relies on ASN.1 structure reuse (CVE-2015-0287).
The updated packages have been upgraded to the 1.0.1m version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://openssl.org/news/secadv_20150108.txt
http://openssl.org/news/secadv_20150319.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm
9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm
58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm
b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm
a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm
521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS
kz0ex6eI6hA6qSwklA2NoXY=
=GYjX
-----END PGP SIGNATURE-----
. 7) - x86_64
3.
In addition this update disables ZLIB compress by default. If you need
to re-enable it for some reason, you can set the environment variable
OPENSSL_NO_DEFAULT_ZLIB.
This update also fixes a header declaration which could result in
build failures in applications using OpenSSL. The
updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046
Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release
HP-UX OpenSSL version
B.11.11 (11i v1)
A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)
A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. OpenSSL
is a 3rd party product that is embedded with some HP Software products. This
bulletin notifies HP Software customers about products affected by the
OpenSSL vulnerabilities
Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL
product cryptographic software library product. The impacted products
appear in the list below are vulnerable due to embedding of OpenSSL standard
release software. These vulnerabilities include:
* The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" also known as "POODLE", which could be exploited remotely
resulting in disclosure of information.
- HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the
vulnerabilities in the impacted versions of HPE StoreVirtual products running
HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020
LeftHand OS v12.0 - Patches 50016-00 and 50017-00
LeftHand OS v12.5 - Patch 55016-00
LeftHand OS v12.6 - Patch 56002-00
**Notes:**
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision
to OpenSSL v1.0.1e 48.
These patches migrate Certificate Authority Hashing Algorithm from a weak
hashing algorithm SHA1 to the stronger hashing algorithm SHA256. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openssl security update
Advisory ID: RHSA-2014:0625-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html
Issue date: 2014-06-05
CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198
CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free
1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-1.0.1e-16.el6_5.14.ppc.rpm
openssl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-1.0.1e-16.el6_5.14.s390.rpm
openssl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB
pJJhdOUzRUL8R2haDM4xrsk=
=hZF8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
HP Systems Insight Manager v7.3 Hotfix kit
HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager
v7.2 Hotfix kit is currently unavailable, but will be released at a later
date.
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix
kit.
HP System Management Homepage versions 7.3.2 and earlier for Linux and
Windows. HP System Management Homepage v7.2.4.1 is available for
Windows 2003 only.
HP System Management Homepage v7.2.4.1 for Windows x86:
http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702
HP System Management Homepage v7.2.4.1 for Windows x64:
http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704
HP System Management Homepage v7.3.3.1 for Windows x86:
http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696
HP System Management Homepage v7.3.3.1 for Windows x64:
http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698
HP System Management Homepage v7.3.3.1 for Linux x86:
http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619
ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694
HP System Management Homepage v7.3.3.1 for Linux x64:
http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93
ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693
NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains
OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux
x86 communicates with have been upgraded to the latest versions, it will not
be vulnerable to the exploits described in CVE-2014-0224.
Release Date: 2014-07-23
Last Updated: 2014-07-23
Potential Security Impact: Remote denial of service (DoS), code execution,
unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight
Control server migration running on Linux and Windows which could be
exploited remotely resulting in denial of service (DoS), code execution,
unauthorized access, or disclosure of information.
References:
CVE-2010-5298 Remote Denial of Service
CVE-2014-0076 Unauthorized Disclosure of Information
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0198 Remote Denial of Service
CVE-2014-0221 Remote Denial of Service (DoS)
CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101647
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0
CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.2 of HP Insight Control server
migration to resolve these vulnerabilities by upgrading to version 7.3.3.
Please note that version 7.3.3 of HP Insight Control server migration is
included on the HP Insight Management 7.3 Update 2 DVD.
HP has provided the installation binaries for download from the following web
site by using the Receive for free option:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
Customers using HP Insight Control server migration v7.2.2 must first upgrade
from v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then
upgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD.
Customers running HP Insight Control server migration v7.3, v7.3.1, or
v7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to
complete the upgrade.
For more information on the upgrade process, please refer to the HP Insight
Management Installation and Upgrade Guide and Release notes, which are
available at the following location:
http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind
ex.aspx?cat=insightmanagement
NOTE: The upgrade paths described above update the entire HP Insight Control
software stack. To upgrade HP Insight Control server migration only, complete
the following steps:
Copy "hpsmp.exe" to the local machine from the HP Insight Management v7.3.0
Update 2 DVD ISO. Create batch file with the following commands:
@echo off
hpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch
Copy the batch file to the folder where "hpsmp.exe" normally resides on the
target system.
Double click on the batch file.
The HP Insight Control server migration installation starts in a command
prompt.
The command prompt closes when the installation finishes.
After the installation completes it creates a log file (ICmigr.log) and an
output file (ICmigroutput.xml) on the target system.
Do not close or click on the command prompt while the process is completing.
Do not run the command prompt in the background.
HISTORY
Version:1 (rev.1) - 23 July 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
HP IceWall SSO Dfw and MCRP
If possible, do not use SHOST setting which allows IceWall SSO Dfw or MCRP to
use SSL/TLS for back-end web server connection.
HP IceWall SSO Dfw Certd
If possible, set LDAPSSL to 0 to make HP SSO IceWall Certd to not use SSL/TLS
on any connection with LDAP server. ============================================================================
Ubuntu Security Notice USN-2232-4
August 18, 2014
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL. One of the patch backports for
Ubuntu 10.04 LTS caused a regression for certain applications. This update
fixes the problem.
We apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0195)
Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions.
(CVE-2014-0224)
Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled
anonymous ECDH ciphersuites. This issue only
affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.
(CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.21
After a standard system update you need to reboot your computer to make all
the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz
a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz
d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz
dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz
35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz
48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz
8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz
cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz
18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz
6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz
ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Slackware -current packages:
db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz
0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz
Slackware x86_64 -current packages:
d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz
95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address
| VAR-201406-0142 | CVE-2014-0221 | OpenSSL Resource Management Error Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. OpenSSL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL prior to 0.9.8za,1.0.0m and 1.0.1h are vulnerable. ============================================================================
Ubuntu Security Notice USN-2232-1
June 05, 2014
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. This issue only
affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS.
(CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.2
Ubuntu 13.10:
libssl1.0.0 1.0.1e-3ubuntu1.4
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.14
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.18
After a standard system update you need to reboot your computer to make all
the necessary changes. OpenSSL Security Advisory [05 Jun 2014]
========================================
SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue. This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.
Only applications using OpenSSL as a DTLS client are affected.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This
issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
Thanks to Jüri Aedla for reporting this issue. This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.
This issue was reported in public. The fix was developed by
Matt Caswell of the OpenSSL development team.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.
This issue was reported in public.
Anonymous ECDH denial of service (CVE-2014-3470)
================================================
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
============
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger. This issue was previously
fixed in OpenSSL 1.0.1g.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional
details over time. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04336637
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04336637
Version: 1
HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of
Information, or Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-06-12
Last Updated: 2014-06-12
Potential Security Impact: Remote Denial of Service (DoS), code execution,
security restriction bypass, disclosure of information, or unauthorized
access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running
OpenSSL. These vulnerabilities could be exploited remotely to create a Denial
of Service (DoS), execute code, bypass security restrictions, disclose
information, or allow unauthorized access.
References:
CVE-2014-0076 Remote Denial of Service (DoS)
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0221 Remote Denial of Service (DoS)
CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101590, SSRT101596
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8za
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The
updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046
Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release
HP-UX OpenSSL version
B.11.11 (11i v1)
A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)
A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08za.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08za.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08za.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 12 June 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2014:1053-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1053.html
Issue date: 2014-08-13
CVE Names: CVE-2014-0221 CVE-2014-3505 CVE-2014-3506
CVE-2014-3508 CVE-2014-3510
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets. (CVE-2014-3510)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions
1127499 - CVE-2014-3505 openssl: DTLS packet processing double free
1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion
1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
openssl-0.9.8e-27.el5_10.4.src.rpm
i386:
openssl-0.9.8e-27.el5_10.4.i386.rpm
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm
x86_64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Workstation (v. 5 client):
Source:
openssl-0.9.8e-27.el5_10.4.src.rpm
i386:
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
x86_64:
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
openssl-0.9.8e-27.el5_10.4.src.rpm
i386:
openssl-0.9.8e-27.el5_10.4.i386.rpm
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-perl-0.9.8e-27.el5_10.4.i386.rpm
ia64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.ia64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm
openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm
openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm
ppc:
openssl-0.9.8e-27.el5_10.4.ppc.rpm
openssl-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm
openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm
openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm
s390x:
openssl-0.9.8e-27.el5_10.4.s390.rpm
openssl-0.9.8e-27.el5_10.4.s390x.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm
openssl-devel-0.9.8e-27.el5_10.4.s390.rpm
openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm
openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm
x86_64:
openssl-0.9.8e-27.el5_10.4.i686.rpm
openssl-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm
openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm
openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-3505.html
https://www.redhat.com/security/data/cve/CVE-2014-3506.html
https://www.redhat.com/security/data/cve/CVE-2014-3508.html
https://www.redhat.com/security/data/cve/CVE-2014-3510.html
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20140605.txt
https://www.openssl.org/news/secadv_20140806.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN
vrHSSMIJuncazkJWPE/LOyQ=
=/f7Y
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
HP Systems Insight Manager v7.3 Hotfix kit
HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager
v7.2 Hotfix kit is currently unavailable, but will be released at a later
date.
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix
kit.
Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)
2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)
2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)
2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)
2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)
2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)
2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)
CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>. Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3470]
III. [CVE-2014-3470]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc
[FreeBSD 9.x and 8.x]
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc
# gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r267103
releng/8.4/ r267104
stable/9/ r267106
releng/9.1/ r267104
releng/9.2/ r267104
stable/10/ r267103
releng/10.0/ r267104
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII.
CVE-2014-0221
Imre Rad discovered the processing of DTLS hello packets is
susceptible to denial of service.
Additional information can be found at
http://www.openssl.org/news/secadv_20140605.txt
For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package
debian-goodies to detect affected programs or reboot your system. There's
also a forthcoming security update for the Linux kernel later the day
(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?
For the unstable distribution (sid), these problems will be fixed soon.
HP System Management Homepage versions 7.3.2 and earlier for Linux and
Windows. HP System Management Homepage v7.2.4.1 is available for
Windows 2003 only.
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
The updated packages have been upgraded to the 1.0.0m version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://www.openssl.org/news/secadv_20140605.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
857d06ddc6423ad124b23eb760459033 mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm
d7436f2f95df5c1d64d44a745f125bd8 mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm
67f6cd6da42f01fb2f6054a2f96872af mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm
5d7c5712c1ce70a2dd2596e803bc7004 mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm
9866e03e1c112b0c4cb5587b142cfa63 mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm
9ac714afa9a9b30419f2f1f5c9ec4e48 mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. These vulnerabilities include:
* The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" also known as "POODLE", which could be exploited remotely
resulting in disclosure of information.
- HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the
vulnerabilities in the impacted versions of HPE StoreVirtual products running
HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020
LeftHand OS v12.0 - Patches 50016-00 and 50017-00
LeftHand OS v12.5 - Patch 55016-00
LeftHand OS v12.6 - Patch 56002-00
**Notes:**
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision
to OpenSSL v1.0.1e 48.
These patches migrate Certificate Authority Hashing Algorithm from a weak
hashing algorithm SHA1 to the stronger hashing algorithm SHA256
| VAR-201406-0355 | CVE-2014-3911 | Samsung iPOLiS Device Manager Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XNSSDKWINDOW.XnsSdkWindowCtrlForIpInstaller.1 ActiveX control. Samsung iPOLiS Device Manager is a webcam device management program. Failed exploit attempts will likely result in denial-of-service conditions