Project

General

Profile

Bug #17787

OpenSSL Fix Use After Free for large message sizes (CVE-2016-6309)

Added by Dave F about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Expected
Assignee:
Sean Fagan
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

It appears FreeNAS 9.10.1 may be affected by this CVE. Suggest that OpenSSL is updated ASAP.
Build: FreeNAS-9.10.1 (d989edd)

[root@tardis] ~# openssl version
OpenSSL 1.0.1t-freebsd  3 May 2016

https://www.openssl.org/news/secadv/20160503.txt

Associated revisions

Revision dae4b7be (diff)
Added by Xin Li about 4 years ago

Fix multiple OpenSSL vulnerabilitites. Approved by: so Security: FreeBSD-SA-16:26.openssl (cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939) Ticket: #17787

Revision dae4b7be (diff)
Added by Xin Li about 4 years ago

Fix multiple OpenSSL vulnerabilitites. Approved by: so Security: FreeBSD-SA-16:26.openssl (cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939) Ticket: #17787

Revision 169b4e8b (diff)
Added by Xin Li about 4 years ago

Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so (cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923) Ticket: #17787

Revision 169b4e8b (diff)
Added by Xin Li about 4 years ago

Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so (cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923) Ticket: #17787

Revision 94d7c07e (diff)
Added by Xin Li about 4 years ago

Fix multiple OpenSSL vulnerabilitites. Approved by: so Security: FreeBSD-SA-16:26.openssl (cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939) Ticket: #17787 (cherry picked from commit dae4b7be3e6887d93a88383daf300badecaf6b00)

Revision 94d7c07e (diff)
Added by Xin Li about 4 years ago

Fix multiple OpenSSL vulnerabilitites. Approved by: so Security: FreeBSD-SA-16:26.openssl (cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939) Ticket: #17787 (cherry picked from commit dae4b7be3e6887d93a88383daf300badecaf6b00)

Revision 0ea90761 (diff)
Added by Xin Li about 4 years ago

Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so (cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923) Ticket: #17787 (cherry picked from commit 169b4e8b12df747c5ae6431eec246173f687c9a6)

Revision 0ea90761 (diff)
Added by Xin Li about 4 years ago

Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582: Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46 ("Check for errors in BN_bn2dec()"). This fixes a regression introduced in SA-16:26.openssl. Submitted by: jkim PR: 212921 Approved by: so (cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923) Ticket: #17787 (cherry picked from commit 169b4e8b12df747c5ae6431eec246173f687c9a6)

History

#1 Updated by Heather Ownby about 4 years ago

  • Assignee set to Kris Moore

#2 Updated by Dave F about 4 years ago

  • Subject changed from OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108) to OpenSSL Fix Use After Free for large message sizes (CVE-2016-6309)

Whoops! Wrong CVE, here's the correct one: https://www.openssl.org/news/secadv/20160926.txt

#3 Updated by Josh Paetzel about 4 years ago

  • Status changed from Unscreened to Fix In Progress
  • Assignee changed from Kris Moore to Josh Paetzel
  • Priority changed from No priority to Important
  • Target version set to 9.10.1-U2

#4 Updated by Josh Paetzel about 4 years ago

  • Status changed from Fix In Progress to Needs Developer Review

os FIX-17787

#5 Updated by Josh Paetzel about 4 years ago

  • Priority changed from Important to Expected

#6 Updated by Vaibhav Chauhan about 4 years ago

  • Assignee changed from Josh Paetzel to Sean Fagan

can you please review the changes ?

#7 Updated by Vaibhav Chauhan about 4 years ago

  • Status changed from Needs Developer Review to Reviewed

Reviewed by sasha.

#8 Updated by Vaibhav Chauhan about 4 years ago

  • Status changed from Reviewed to Ready For Release

#9 Updated by Vaibhav Chauhan about 4 years ago

  • Status changed from Ready For Release to Resolved

Also available in: Atom PDF