OpenSSL Patches Moderate Severity Vulnerabilities

The OpenSSL Project released on Thursday versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh of the cryptographic software library to fix several security flaws and functionality bugs.

A total of three vulnerabilities classified as “moderate” severity have been patched in the latest versions.

One of the flaws is related to the BN_mod_exp function, which researcher Hanno Böck discovered that it could produce incorrect results on x86_64 systems. The issue has been assigned the CVE-2015-3193 identifier.

According to the OpenSSL Project, the vulnerability, which only affects OpenSSL 1.0.2, can be exploited against RSA, DSA (Digital Signature Algorithm), and Diffie–Hellman (DH) algorithms, but such attacks would be very difficult to pull off. Elliptic curve (EC) algorithms are not affected.

“The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites,” reads the security advisory.

Another issue, which affects both the 1.0.2 and 1.0.1 versions of OpenSSL, is related to certificate signature verification (CVE-2015-3194) and can be exploited for denial-of-service (DoS) attacks.

The vulnerability, reported in August by Loïc Jonas Etienne of Qnective AG, can be leveraged to crash certificate verification operations. Applications that perform certificate verification are affected, including OpenSSL servers and clients that enable client authentication.

The third flaw was reported in November by Google’s Adam Langley. The expert discovered that OpenSSL leaks memory when presented with a malformed X509_ATTRIBUTE structure (CVE-2015-3195). All OpenSSL versions are affected.

“This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected,” noted OpenSSL developers.

The OpenSSL Project’s advisory also details a low severity vulnerability that could result in a race condition (CVE-2015-3196). The flaw was previously fixed in OpenSSL 1.0.2d and 1.0.1p, but it had not been disclosed. A fix has now been included in OpenSSL 1.0.0t.

The fixes for these vulnerabilities have been developed by Andy Polyakov and Dr. Stephen Henson, both of the OpenSSL development team.

The OpenSSL Project has once again reminded users that these will likely be the last updates for OpenSSL 1.0.0 and 0.9.8 as these versions will no longer be supported starting with January 1, 2016.

Node.js developers had planned to release security updates on Tuesday. However, since Node.js uses OpenSSL, the release of the updates has been postponed until Thursday so that the OpenSSL updates can be included as well.

“We understand that the timing of this during the work-week is unfortunate but we must take into account the possibility of introducing a vulnerability gap between disclosure of OpenSSL vulnerabilities and patched releases by Node.js and therefore must respond as quickly as practical,” said Node.js developers.