| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| <glsa id="201404-07"> |
| <title>OpenSSL: Information Disclosure</title> |
| <synopsis>Multiple Information Disclosure vulnerabilities in OpenSSL allow |
| remote attackers to obtain sensitive information via various vectors. |
| </synopsis> |
| <product type="ebuild">openssl</product> |
| <announced>April 08, 2014</announced> |
| <revised>June 06, 2015: 4</revised> |
| <bug>505278</bug> |
| <bug>507074</bug> |
| <access>remote</access> |
| <affected> |
| <package name="dev-libs/openssl" auto="yes" arch="*"> |
| <unaffected range="ge">1.0.1g</unaffected> |
| <unaffected range="rge">0.9.8y</unaffected> |
| <unaffected range="rge">0.9.8z_p1</unaffected> |
| <unaffected range="rge">0.9.8z_p2</unaffected> |
| <unaffected range="rge">0.9.8z_p3</unaffected> |
| <unaffected range="rge">0.9.8z_p4</unaffected> |
| <unaffected range="rge">0.9.8z_p5</unaffected> |
| <unaffected range="rge">0.9.8z_p6</unaffected> |
| <unaffected range="rge">0.9.8z_p7</unaffected> |
| <unaffected range="rge">0.9.8z_p8</unaffected> |
| <unaffected range="rge">0.9.8z_p9</unaffected> |
| <unaffected range="rge">0.9.8z_p10</unaffected> |
| <unaffected range="rge">0.9.8z_p11</unaffected> |
| <unaffected range="rge">0.9.8z_p12</unaffected> |
| <unaffected range="rge">0.9.8z_p13</unaffected> |
| <unaffected range="rge">0.9.8z_p14</unaffected> |
| <unaffected range="rge">0.9.8z_p15</unaffected> |
| <vulnerable range="lt">1.0.1g</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer |
| (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general |
| purpose cryptography library. |
| </p> |
| </background> |
| <description> |
| <p>Multiple vulnerabilities have been found in OpenSSL:</p> |
| |
| <ul> |
| <li>OpenSSL incorrectly handles memory in the TLS heartbeat extension, |
| leading to information disclosure of 64kb per request, possibly |
| including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only, |
| CVE-2014-0160). |
| </li> |
| <li>The Montgomery ladder implementation of OpenSSL improperly handles |
| swap operations (CVE-2014-0076). |
| </li> |
| </ul> |
| </description> |
| <impact type="normal"> |
| <p>A remote attacker could exploit these issues to disclose information, |
| including private keys or other sensitive information, or perform |
| side-channel attacks to obtain ECDSA nonces. |
| </p> |
| </impact> |
| <workaround> |
| <p>Disabling the tls-heartbeat USE flag (enabled by default) provides a |
| workaround for the CVE-2014-0160 issue. |
| </p> |
| </workaround> |
| <resolution> |
| <p>All OpenSSL users should upgrade to the latest version:</p> |
| |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g" |
| </code> |
| |
| <p>Note: All services using OpenSSL to provide TLS connections have to be |
| restarted for the update to take effect. Utilities like |
| app-admin/lib_users can aid in identifying programs using OpenSSL. |
| </p> |
| |
| <p>As private keys may have been compromised using the Heartbleed attack, |
| it is recommended to regenerate them. |
| </p> |
| </resolution> |
| <references> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076">CVE-2014-0076</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160">CVE-2014-0160</uri> |
| <uri link="http://heartbleed.com/">Heartbleed bug website</uri> |
| </references> |
| <metadata tag="requester" timestamp="Tue, 08 Apr 2014 09:37:45 +0000">a3li</metadata> |
| <metadata tag="submitter" timestamp="Sat, 06 Jun 2015 23:11:05 +0000">a3li</metadata> |
| </glsa> |