Openssl 1.0.1j & 0.9.8zc updates available for Apache 2.4.10 & 2.2.29

Started by Gregg, October 17, 2014, 01:48:00 AM

Previous topic - Next topic


OpenSSL 1.0.1j and 0.9.8zc updates are available for download now. These are primarily security updates and it is suggested that you update your server as soon as possible.

Update packages can be found on our download page.

OpenSSL 0.9.8zc Changes

  *) Same as below for OpenSSL 1.0.1j

  *) NOTE: OpenSSL 0.9.8 branch will be End Of Life at the end of the year (2014).
      This may be the last release of the 0.9.8 branch.

OpenSSL 1.0.1j Changes

  *) SRTP Memory Leak. (CVE-2014-3513)

     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
     sends a carefully crafted handshake message, to cause OpenSSL to fail
     to free up to 64k of memory causing a memory leak. This could be
     exploited in a Denial Of Service attack. This issue affects OpenSSL
     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
     whether SRTP is used or configured. Implementations of OpenSSL that
     have been compiled with OPENSSL_NO_SRTP defined are not affected.

     The fix was developed by the OpenSSL team.

  *) Session Ticket Memory Leak. (CVE-2014-3567)

     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
     integrity of that ticket is first verified. In the event of a session
     ticket integrity check failing, OpenSSL will fail to free memory
     causing a memory leak. By sending a large number of invalid session
     tickets an attacker could exploit this issue in a Denial Of Service
     attack. [Steve Henson]

  *) Build option no-ssl3 is incomplete. (CVE-2014-3568)

     When OpenSSL is configured with "no-ssl3" as a build option, servers
     could accept and complete a SSL 3.0 handshake, and clients could be
     configured to send them. [Akamai and the OpenSSL team]

  *) Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566)
     Client applications doing fallback retries should call
     [Adam Langley, Bodo Moeller]
  *) Add additional DigestInfo checks.

     Reencode DigestInto in DER and check against the original when
     verifying RSA signature: this will reject any improperly encoded
     DigestInfo structures.

     Note: this is a precautionary measure and no attacks are currently known.
     [Steve Henson]