openssl: Multiple vulnerabilities (CVE-2018-0737, CVE-2018-0739)
CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i and OpenSSL 1.0.2p when they become available. The fix is also available in commit 6939eab03 (for 1.1.0) and commit 349a41da1 (for 1.0.2) in the OpenSSL git repository.
References:
https://www.openssl.org/news/secadv/20180416.txt
https://nvd.nist.gov/vuln/detail/CVE-2018-0737
CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o
References:
https://www.openssl.org/news/secadv/20180327.txt
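As an added illustration of the CVE-2018-0739 failure mode and its mitigation (example code, not from the advisory or from OpenSSL), the following Python walks DER-encoded constructed types recursively but refuses to descend past a fixed nesting limit. The depth limit, the minimal parser and the nested SEQUENCE sample input are all constructed for this example.

```python
# Added example, not OpenSSL code: a minimal DER walker that recurses into
# constructed types while enforcing a nesting limit, the class of check that
# keeps attacker-controlled input (e.g. PKCS7) from exhausting the stack.
MAX_DEPTH = 30  # assumed limit for this example; not taken from the advisory

class Asn1Error(ValueError):
    """Malformed input, or nesting beyond the configured limit."""


def _read_length(data: bytes, pos: int) -> tuple[int, int]:
    """Decode a DER length at data[pos]; return (length, offset after it)."""
    if pos >= len(data):
        raise Asn1Error("truncated length")
    first, pos = data[pos], pos + 1
    if first < 0x80:  # short form
        return first, pos
    n = first & 0x7F  # long form: n further octets hold the length
    if n == 0 or n > 4 or pos + n > len(data):
        raise Asn1Error("invalid long-form length")
    return int.from_bytes(data[pos:pos + n], "big"), pos + n


def walk(data: bytes, depth: int = 0, max_depth: int = MAX_DEPTH) -> int:
    """Walk a DER blob, descending into constructed elements (tag bit 0x20),
    and return the deepest level reached; refuse to go past max_depth."""
    if depth > max_depth:
        raise Asn1Error(f"nesting deeper than {max_depth} levels")
    pos, deepest = 0, depth
    while pos < len(data):
        tag = data[pos]
        if (tag & 0x1F) == 0x1F:
            raise Asn1Error("multi-byte tags are out of scope for this example")
        length, body = _read_length(data, pos + 1)
        end = body + length
        if end > len(data):
            raise Asn1Error("element runs past the end of the data")
        if tag & 0x20:  # constructed: recurse into the content octets
            deepest = max(deepest, walk(data[body:end], depth + 1, max_depth))
        pos = end
    return deepest


def nest_sequences(levels: int) -> bytes:
    """Constructed sample input: `levels` SEQUENCEs wrapped around one NULL."""
    blob = b"\x05\x00"
    for _ in range(levels):
        n = len(blob)
        body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        blob = b"\x30" + (bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body) + blob
    return blob
```

Without the depth check, `walk(nest_sequences(10**5))` would recurse once per wrapper and hit the interpreter's recursion limit; with it, the same input is rejected after `MAX_DEPTH` levels.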
(from redmine: issue id 8812, created on 2018-04-19, closed on 2018-07-19)
- Relations:
- copied_to #8813 (closed)
- copied_to #8814 (closed)
- copied_to #8815 (closed)
- copied_to #8816 (closed)
- copied_to #8817 (closed)
- child #8813 (closed)
- child #8814 (closed)
- child #8815 (closed)
- child #8816 (closed)
- child #8817 (closed)
- Changesets:
- Revision cd2b7113 by Timo Teräs on 2018-07-18T07:17:11Z:
main/openssl1.0: cherry-pick fix for CVE-2018-0737
ref #8812