Updated openssl packages fix security vulnerability
Publication date: 05 Feb 2017
Modification date: 05 Feb 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
Description
There is a carry propagation bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits. Among EC algorithms only Brainpool P-512 curves are
affected and one presumably can attack ECDH key negotiation
(CVE-2016-7055).
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or
client to perform an out-of-bounds read, usually resulting in a crash. The
crash can be triggered when using RC4-MD5, if it has not been disabled
(CVE-2017-3731).
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. An attacker would need online access to an unpatched system
using the target private key in a scenario with persistent DH parameters
and a private key that is shared between multiple clients (CVE-2017-3732).
SRPMS
5/core
- openssl-1.0.2k-1.mga5