The branch master has been updated via 7432cc2319a591467575763dcbd5a1c968bf595e (commit) from 0ad7d3cbd190744b43db3517d8470b3bc5a09b20 (commit)
- Log ----------------------------------------------------------------- commit 7432cc2319a591467575763dcbd5a1c968bf595e Author: Matt Caswell <m...@openssl.org> Date: Tue Apr 21 12:08:12 2020 +0100 Updates for 1.1.1g release Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + news/secadv/20200421.txt | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 25 ++++++++++++++++++++++++- 3 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20200421.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 6e96930..23da77d 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +21-Apr-2020: OpenSSL 1.1.1g is now available, including a security fix 31-Mar-2020: OpenSSL 1.1.1f is now available, including bug fixes 17-Mar-2020: OpenSSL 1.1.1e is now available, including bug and security fixes 17-Feb-2020: New Blog post: <a href="https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/">QUIC and OpenSSL</a> diff --git a/news/secadv/20200421.txt b/news/secadv/20200421.txt new file mode 100644 index 0000000..fe46b3f --- /dev/null +++ b/news/secadv/20200421.txt 
@@ -0,0 +1,48 @@ +OpenSSL Security Advisory [21 April 2020] +========================================= + +Segmentation fault in SSL_check_chain (CVE-2020-1967) +===================================================== + +Severity: High + +Server or client applications that call the SSL_check_chain() function during or +after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a +result of incorrect handling of the "signature_algorithms_cert" TLS extension. +The crash occurs if an invalid or unrecognised signature algorithm is received +from the peer. This could be exploited by a malicious peer in a Denial of +Service attack. + +OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This +issue did not affect OpenSSL versions prior to 1.1.1d. + +Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g + +This issue was found by Bernd Edlinger and reported to OpenSSL on 7th April +2020. It was found using the new static analysis pass being implemented in GCC, +-fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin +Kaduk. + +Note +===== + +This issue did not affect OpenSSL 1.0.2 however these versions are out of +support and no longer receiving public updates. Extended support is available +for premium support customers: https://www.openssl.org/support/contracts.html + +This issue did not affect OpenSSL 1.1.0 however these versions are out of +support and no longer receiving updates. + +Users of these versions should upgrade to OpenSSL 1.1.1. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20200421.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 08897ed..697c3c9 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -7,7 +7,30 @@ <!-- The updated attribute should be the same as the first public issue, unless an old entry was updated. --> -<security updated="20191206"> +<security updated="20200421"> + <issue public="20200421"> + <impact severity="High"/> + <cve name="2020-1967"/> + <affects base="1.1.1" version="1.1.1d"/> + <affects base="1.1.1" version="1.1.1e"/> + <affects base="1.1.1" version="1.1.1f"/> + <fixed base="1.1.1" version="1.1.1g" date="20200421"> + <git hash="eb563247aef3e83dda7679c43f9649270462e5b1"/> + </fixed> + <problemtype>NULL pointer dereference</problemtype> + <title>Segmentation fault in SSL_check_chain</title> + <description> + Server or client applications that call the SSL_check_chain() function during or + after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a + result of incorrect handling of the "signature_algorithms_cert" TLS extension. + The crash occurs if an invalid or unrecognised signature algorithm is received + from the peer. This could be exploited by a malicious peer in a Denial of + Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This + issue did not affect OpenSSL versions prior to 1.1.1d. + </description> + <advisory url="/news/secadv/20200421.txt"/> + <reported source="Bernd Edlinger"/> + </issue> <issue public="20191206"> <impact severity="Low"/> <cve name="2019-1551"/>
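Review bot: in the new news/secadv/20200421.txt the sentence "OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue." has a plural subject and should read "OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue." (the same wording is copied into news/vulnerabilities.xml, so fix both). Two smaller style points in the same file: "Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g" is missing its trailing full stop, and the "Note" heading is underlined with five "=" characters while every other heading's underline matches the title length.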
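Review bot: the <description> of the new <issue public="20200421"> in news/vulnerabilities.xml has lost the paragraph break the advisory keeps between "Service attack." and "OpenSSL version 1.1.1d, ...", leaving one over-long line ("Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This") in an otherwise wrapped block; suggest re-wrapping it to match the advisory text. The updated="20200421" on <security> does match the public date of the new first entry, as the file comment requires, and the <fixed> version and date agree with the advisory.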