Bug#838652: [Pkg-openssl-devel] Bug#838652: Segmentation fault in openssl

2016-09-23 Thread Kurt Roeckx
We're missing commit 3612ff6fcec0e3d1f2a598135fe12177c0419582



Bug#838652: Segmentation fault in openssl

2016-09-23 Thread Koen de Jonge

Hi,

To work around this problem in the meantime...

Get the 1.0.1t-1+debian8u3 packages from:
http://snapshot.debian.org/package/openssl/1.0.1t-1%2Bdeb8u3/#libssl1.0.0_1.0.1t-1:2b:deb8u3
and
http://snapshot.debian.org/package/openssl/1.0.1t-1%2Bdeb8u3/#openssl_1.0.1t-1:2b:deb8u3

And install both the openssl and the libssl1.0.0 packages with dpkg -i 
manually.


Thanks,
Koen de Jonge
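
A way to see which certificates on a host trigger the crash reported in this thread, before and after the downgrade described above. This is an added example, not code from any participant in the thread or from the openssl package; OPENSSL_BIN and the function names are assumptions of this sketch.

```shell
# Added example: find certificates whose text dump crashes the local openssl.
# OPENSSL_BIN and all function names are assumptions, not part of any package.
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"

# Map an exit status to a verdict. A shell reports death by signal N as 128+N,
# so 139 means SIGSEGV (11) and 134 means SIGABRT (6).
classify_status() {
    local status="$1"
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        echo "crash(signal $((status - 128)))"
    else
        echo error   # unreadable file, not a certificate, bad option, ...
    fi
}

# Run the command from the bug report against one file and classify the result.
# The "|| status=$?" form keeps the check usable under "set -e".
check_cert() {
    local cert="$1" status=0
    "$OPENSSL_BIN" x509 -noout -dates -subject -issuer -text -in "$cert" \
        >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Scan a directory of *.crt and *.pem files. Prints "<verdict><TAB><file>" per
# file and returns 1 if at least one file crashed the tool, 0 otherwise.
scan_certs() {
    local dir="$1" cert verdict crashed=0
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        verdict="$(check_cert "$cert")"
        printf '%s\t%s\n' "$verdict" "$cert"
        case "$verdict" in
            crash*) crashed=1 ;;
        esac
    done
    return "$crashed"
}

# Usage: scan_certs /etc/ssl/certs
```

Files that are not X.509 certificates show up as "error" rather than "crash", so only the crash lines point at the regression.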



Bug#838652: Segmentation fault in openssl

2016-09-23 Thread Florian Schlichting
Control: severity 838652 serious

This is a regression in the latest stable security update.

See also the Ubuntu bug, they seem to have a fixed package forthcoming:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883



Bug#838652: Segmentation fault in openssl

2016-09-23 Thread Mario Lipinski

Package: openssl
Version: 1.0.1t-1+deb8u4
Severity: important

Dear OpenSSL maintainers,

the most recent Debian security update for openssl introduces a 
segmentation fault while running openssl:


# openssl x509 -noout -dates -subject -issuer -text -in /etc/ssl/certs/iserv.crt

notBefore=Oct  9 02:17:03 2015 GMT
notAfter=Oct  9 02:17:10 2017 GMT
subject= /C=DE/ST=Niedersachsen/L=Braunschweig/O=IServ GmbH/CN=dev2.iserv.eu/emailAddress=hostmas...@iserv.eu
issuer= /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:28:21:16:be:a3:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 2 Primary Intermediate Server CA
Validity
Not Before: Oct  9 02:17:03 2015 GMT
Not After : Oct  9 02:17:10 2017 GMT
Subject: C=DE, ST=Niedersachsen, L=Braunschweig, O=IServ GmbH, CN=dev2.iserv.eu/emailAddress=hostmas...@iserv.eu

Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Subject Key Identifier:
35:BD:44:3E:E6:27:C5:8D:EE:A5:7C:61:80:FF:8B:4A:87:2D:99:4E
X509v3 Authority Key Identifier:
keyid:11:DB:23:45:FD:54:CC:6A:71:6F:84:8A:03:D7:BE:F7:01:2F:26:86

X509v3 Subject Alternative Name:
DNS:dev2.iserv.eu, DNS:iserv.eu, DNS:iserv.dev2.iserv.eu
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
Policy: 1.3.6.1.4.1.23223.1.2.3
  CPS: http://www.startssl.com/policy.pdf
  User Notice:
Organization: StartCom Certification Authority
Speicherzugriffsfehler (Speicherabzug geschrieben)


For us, this affects certificates issued after around the beginning of 
October with StartSSL.


I can reproduce this issue on other machines running a different 
architecture.


Let me know if you need any more information to reproduce the problem.

One affected certificate is

-BEGIN CERTIFICATE-
MIIHmTCCBoGgAwIBAgIHCCghFr6j/jANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE