Bug#775776: polarssl: CVE-2015-1182: Remote attack using crafted certificates -- patch for unstable and jessie
Hi Roland, Attached would be the debdiff for the unstable upload (Note: I have *not* uploaded it to archive, nor yet to a delayed queue). Do you plan to do the upload yourself? (In case needed I can do the NMU too). Regards, Salvatore diff -Nru polarssl-1.3.9/debian/changelog polarssl-1.3.9/debian/changelog --- polarssl-1.3.9/debian/changelog 2014-11-07 10:31:12.0 +0100 +++ polarssl-1.3.9/debian/changelog 2015-01-21 22:19:13.0 +0100 @@ -1,3 +1,12 @@ +polarssl (1.3.9-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2015-1182.patch patch. +CVE-2015-1182: Denial of service and possible remote code execution +using crafted certificates. (Closes: #775776) + + -- Salvatore Bonaccorso car...@debian.org Wed, 21 Jan 2015 22:09:05 +0100 + polarssl (1.3.9-2) unstable; urgency=medium * Disabled POLARSSL_SSL_PROTO_SSL3 at compile time to prevent potential diff -Nru polarssl-1.3.9/debian/patches/CVE-2015-1182.patch polarssl-1.3.9/debian/patches/CVE-2015-1182.patch --- polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 1970-01-01 01:00:00.0 +0100 +++ polarssl-1.3.9/debian/patches/CVE-2015-1182.patch 2015-01-21 22:19:13.0 +0100 
@@ -0,0 +1,33 @@ +Description: Remote attack using crafted certificates + During the parsing of a ASN.1 sequence, a pointer in the linked list of + asn1_sequence is not initialized by asn1_get_sequence_of(). In case an + error occurs during parsing of the list, a situation is created where + the uninitialized pointer is passed to polarssl_free(). + . + This sequence can be triggered when a PolarSSL entity is parsing a + certificate. So practically this means clients when receiving a + certificate from the server or servers in case they are actively asking + for a client certificate. + . + Depending on the attackers knowledge of the system under attack, this + results at the lowest into a denial of service, and at the most a + possible remote code execution. + . + CVE-2015-1182 +Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 +Bug-Debian: https://bugs.debian.org/775776 +Forwarded: not-needed +Author: Salvatore Bonaccorso car...@debian.org +Last-Update: 2015-01-21 + +--- a/library/asn1parse.c b/library/asn1parse.c +@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char + if( cur-next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++memset( cur-next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur-next; + } + } diff -Nru polarssl-1.3.9/debian/patches/series polarssl-1.3.9/debian/patches/series --- polarssl-1.3.9/debian/patches/series2014-08-31 14:20:13.0 +0200 +++ polarssl-1.3.9/debian/patches/series2015-01-21 22:19:13.0 +0100 @@ -1,2 +1,3 @@ 01-config.patch 02-makefile-destdir-fix.patch +CVE-2015-1182.patch signature.asc Description: Digital signature
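Review bot: In the library/asn1parse.c hunk, the added memset zeroes only the node that was just allocated for the next list element; nothing in these lines touches the first node of the list. The error path described in the patch header therefore still relies on that first node being initialised before asn1_get_sequence_of() runs. Please confirm that in the calling code, or say so in the Description. A smaller point on the patch header: Origin points at the advisory page, and a link to the upstream commit, if one is available, would make the change easier to compare against upstream.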
Bug#775776: polarssl: CVE-2015-1182: Remote attack using crafted certificates
Hi Roland, I have used the attached debdiff for preparing the wheezy-security update (not yet released though). Regards, Salvatore diff -Nru polarssl-1.2.9/debian/changelog polarssl-1.2.9/debian/changelog --- polarssl-1.2.9/debian/changelog 2014-12-30 00:56:22.0 +0100 +++ polarssl-1.2.9/debian/changelog 2015-01-21 21:14:02.0 +0100 @@ -1,3 +1,12 @@ +polarssl (1.2.9-1~deb7u5) wheezy-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Add CVE-2015-1182.patch patch. +CVE-2015-1182: Denial of service and possible remote code execution +using crafted certificates. (Closes: #775776) + + -- Salvatore Bonaccorso car...@debian.org Wed, 21 Jan 2015 20:58:06 +0100 + polarssl (1.2.9-1~deb7u4) wheezy-security; urgency=low * CVE-2014-8628 diff -Nru polarssl-1.2.9/debian/patches/CVE-2015-1182.patch polarssl-1.2.9/debian/patches/CVE-2015-1182.patch --- polarssl-1.2.9/debian/patches/CVE-2015-1182.patch 1970-01-01 01:00:00.0 +0100 +++ polarssl-1.2.9/debian/patches/CVE-2015-1182.patch 2015-01-21 21:14:02.0 +0100 
@@ -0,0 +1,33 @@ +Description: Remote attack using crafted certificates + During the parsing of a ASN.1 sequence, a pointer in the linked list of + asn1_sequence is not initialized by asn1_get_sequence_of(). In case an + error occurs during parsing of the list, a situation is created where + the uninitialized pointer is passed to polarssl_free(). + . + This sequence can be triggered when a PolarSSL entity is parsing a + certificate. So practically this means clients when receiving a + certificate from the server or servers in case they are actively asking + for a client certificate. + . + Depending on the attackers knowledge of the system under attack, this + results at the lowest into a denial of service, and at the most a + possible remote code execution. + . + CVE-2015-1182 +Origin: upstream, https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 +Bug-Debian: https://bugs.debian.org/775776 +Forwarded: not-needed +Author: Salvatore Bonaccorso car...@debian.org +Last-Update: 2015-01-21 + +--- a/library/asn1parse.c b/library/asn1parse.c +@@ -244,6 +244,8 @@ int asn1_get_sequence_of( unsigned char + if( cur-next == NULL ) + return( POLARSSL_ERR_ASN1_MALLOC_FAILED ); + ++memset( cur-next, 0, sizeof( asn1_sequence ) ); ++ + cur = cur-next; + } + } diff -Nru polarssl-1.2.9/debian/patches/series polarssl-1.2.9/debian/patches/series --- polarssl-1.2.9/debian/patches/series2014-12-30 00:55:45.0 +0100 +++ polarssl-1.2.9/debian/patches/series2015-01-21 21:14:02.0 +0100 @@ -4,3 +4,4 @@ 04-update-certs-in-testsuite.patch CVE-2014-4911.patch CVE-2014-8628.patch +CVE-2015-1182.patch signature.asc Description: Digital signature
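Review bot: The asn1parse.c hunk here applies at @@ -244,6 where the 1.3.9 one applies at @@ -278,6, and the debdiff touches only debian/changelog, the new CVE-2015-1182.patch and debian/patches/series, so nothing in the update exercises the corrected error path on the 1.2.9 code. Since this goes to wheezy-security, consider adding a test-suite case that runs the parser over a sequence which fails part-way through, or note in the changelog how the backport was verified. The Description text could also be tidied while it is being carried ("a ASN.1", "attackers knowledge").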
Bug#775776: polarssl: CVE-2015-1182: Remote attack using crafted certificates
Source: polarssl
Version: 1.3.9-2
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for polarssl.

CVE-2015-1182[0]:
Remote attack using crafted certificates

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1182
[1] https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore