- fix CVE-2008-0891 - server name extension crash (#448492)
- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
parent
6e489d9c90
commit
2c01b19843
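--- a/openssl-0.9.8g-cve-2008-0891.patch
+++ b/openssl-0.9.8g-cve-2008-0891.patch
@@ -0,0 +1,17 @@
+*) Fix double free in TLS server name extensions which could lead to a remote
+crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton]
+Index: ssl/t1_lib.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
+retrieving revision 1.13.2.8
+diff -u -r1.13.2.8 ssl/t1_lib.c
+--- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000
++++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
+@@ -381,6 +381,7 @@
+s->session->tlsext_hostname[len]='\0';
+if (strlen(s->session->tlsext_hostname) != len) {
+OPENSSL_free(s->session->tlsext_hostname);
++ s->session->tlsext_hostname = NULL;
+*al = TLS1_AD_UNRECOGNIZED_NAME;
+return 0;
+}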
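Review bot: The added `s->session->tlsext_hostname = NULL;` has no comment explaining why the reset is needed, and the error path alone does not make it obvious. The patch description attributes the crash to a double free, so presumably session teardown releases the same field again. A one-line comment after the `OPENSSL_free` call would record that, for example `/* clear the freed pointer so session cleanup cannot free it a second time */`. The enclosing function starts and ends outside the hunk, so any other path that frees this field is not visible here and should be checked for the same reset.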
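--- a/openssl-0.9.8g-cve-2008-1671.patch
+++ b/openssl-0.9.8g-cve-2008-1671.patch
@@ -0,0 +1,24 @@
+*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+Handshake which could lead to a cilent crash as found using the
+Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox]
+Index: ssl/s3_clnt.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
+retrieving revision 1.88.2.12
+diff -u -r1.88.2.12 ssl/s3_clnt.c
+--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000
++++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
+@@ -2061,6 +2061,13 @@
+{
+DH *dh_srvr,*dh_clnt;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+if (s->session->sess_cert->peer_dh_tmp != NULL)
+dh_srvr=s->session->sess_cert->peer_dh_tmp;
+else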
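Review bot: The new `if (s->session->sess_cert == NULL)` guard sits inside the block that declares `DH *dh_srvr,*dh_clnt;`, so as far as this hunk shows it protects only the Diffie-Hellman path. The enclosing function begins and ends outside the hunk, so whether other key-exchange branches also read `s->session->sess_cert` cannot be seen here. If they do, they need the same check, or the guard should move above the branch selection so a missing server message is rejected once for every key-exchange type. A short comment on the guard would help too, for example `/* sess_cert is unset when the server skipped its key exchange message */`.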
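--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8g
-Release: 8%{?dist}
+Release: 9%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-usa.tar.bz2
@@ -59,6 +59,8 @@ Patch39: openssl-0.9.8g-ipv6-apps.patch
 # Backported fixes including security fixes
 Patch50: openssl-0.9.8g-speed-bug.patch
 Patch51: openssl-0.9.8g-bn-mul-bug.patch
+Patch52: openssl-0.9.8g-cve-2008-0891.patch
+Patch53: openssl-0.9.8g-cve-2008-1671.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -124,6 +126,8 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch39 -p1 -b .ipv6-apps
 %patch50 -p1 -b .speed-bug
 %patch51 -p1 -b .bn-mul-bug
+%patch52 -p0 -b .srvname-crash
+%patch53 -p0 -b .srv-kex-crash
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -378,6 +382,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 %postun -p /sbin/ldconfig
 
 %changelog
+* Wed May 28 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-9
+- fix CVE-2008-0891 - server name extension crash (#448492)
+- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
+
 * Tue May 27 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-8
 - super-H arch support
 - drop workaround for bug 199604 as it should be fixed in gcc-4.3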
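Review bot: The file registered as `Patch53: openssl-0.9.8g-cve-2008-1671.patch` is named for CVE-2008-1671, while the changelog entry added in this same section and the patch's own description both identify the issue as CVE-2008-1672. Anyone auditing the package by searching patch names for the CVE id will miss this fix or match the wrong advisory. Renaming the file and the tag to `Patch53: openssl-0.9.8g-cve-2008-1672.patch` would keep the three references consistent. As a smaller style point, `%patch52` and `%patch53` use `-p0` while the neighbouring patches use `-p1`; a short spec comment noting that these two are upstream CVS diffs with unprefixed paths would explain the difference.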