[openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Bug #146269 reported by Stephan Rügamer
Affects              Status        Importance  Assigned to           Milestone
openssl (Ubuntu)     Fix Released  Undecided   Ubuntu Security Team
  Dapper             Fix Released  Undecided   Unassigned
  Feisty             Fix Released  Undecided   Unassigned
  Gutsy              Fix Released  Undecided   Unassigned
openssl097 (Ubuntu)  Invalid       High        Unassigned
  Dapper             Won't Fix     Undecided   Unassigned
  Feisty             Won't Fix     Undecided   Unassigned
  Gutsy              Invalid       Undecided   Unassigned

Bug Description

Binary package hint: openssl

openssl 0.9.8e and 0.9.7k still have an off-by-one buffer overflow...
this is fixed in latest openssl CVS...

Read about it: http://www.securityfocus.com/archive/1/480855/30/0/threaded
And CVS Fix: http://cvs.openssl.org/chngview?cn=16587

Please find attached a debdiff against latest version of openssl in gutsy
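
The bug class named in this report, as an added example that is not the reporter's, Ubuntu's or OpenSSL's code: a hypothetical helper that joins cipher-suite names with ':' into a caller-supplied buffer, in an off-by-one form beside a corrected one, plus a sentinel check that makes the single spilled byte observable. The function names join_names_buggy, join_names_fixed, overflows and join_matches, and the sample cipher names, are assumptions made for this illustration; the real function, its buffer accounting and the exact check are in OpenSSL's ssl/ssl_lib.c and the linked CVS change, which this code does not claim to reproduce line for line.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the bug class in this report: joining
 * cipher-suite names with ':' into a caller-supplied buffer of `len` bytes.
 * join_names_buggy() and join_names_fixed() are illustrative helpers written
 * for this page; they are not OpenSSL's SSL_get_shared_ciphers(). */

typedef char *(*join_fn)(char *buf, int len, const char **names, int count);

/* Buggy variant. The check compares the name length against the space left
 * but forgets that strcpy() also stores a NUL (later overwritten by ':').
 * A name that exactly fills the remaining space therefore passes the check
 * and one byte lands at buf[len], just past the caller's buffer. */
static char *join_names_buggy(char *buf, int len, const char **names, int count)
{
    char *p = buf;
    int left = len;

    if (len < 2)
        return NULL;
    for (int i = 0; i < count; i++) {
        int n = (int)strlen(names[i]);
        if (n > left) {            /* off by one: no room reserved for NUL/':' */
            if (p != buf)
                --p;
            *p = '\0';
            return buf;
        }
        strcpy(p, names[i]);       /* writes n + 1 bytes */
        p += n;
        *p++ = ':';
        left -= n + 1;
    }
    p[-1] = '\0';                  /* turn the trailing ':' into the terminator */
    return buf;
}

/* Fixed variant: each name costs n bytes plus one for the separator, and the
 * last separator slot becomes the NUL, so the check must reserve n + 1. */
static char *join_names_fixed(char *buf, int len, const char **names, int count)
{
    char *p = buf;
    int left = len;

    if (len < 2)
        return NULL;
    for (int i = 0; i < count; i++) {
        int n = (int)strlen(names[i]);
        if (n + 1 > left) {        /* stop while name + ':' still fits */
            if (p != buf)
                --p;               /* drop the ':' after the previous name */
            *p = '\0';
            return buf;
        }
        strcpy(p, names[i]);
        p += n;
        *p++ = ':';
        left -= n + 1;
    }
    p[-1] = '\0';
    return buf;
}

/* Constructed sample input for this example (not from a captured handshake). */
static const char *SAMPLE_NAMES[] = { "AES128-SHA", "RC4-SHA" };
#define SAMPLE_COUNT 2

/* Calls fn with a `len`-byte window inside a larger sentinel-filled array and
 * returns 1 if the byte just past that window was clobbered. len must be < 63,
 * so the demonstration itself stays inside the array (defined behaviour). */
static int overflows(join_fn fn, int len, const char **names, int count)
{
    char storage[64];
    memset(storage, 'X', sizeof storage);
    fn(storage, len, names, count);
    return storage[len] != 'X';
}

/* Returns 1 if fn produces exactly `expected` for a `len`-byte buffer. */
static int join_matches(join_fn fn, int len, const char **names, int count,
                        const char *expected)
{
    char storage[64];
    memset(storage, 'X', sizeof storage);
    char *r = fn(storage, len, names, count);
    return r != NULL && strcmp(r, expected) == 0;
}

int main(void)
{
    /* "AES128-SHA:RC4-SHA" is 18 characters, so len = 18 leaves no room for
     * the terminator: the buggy check lets it through, the fixed one truncates. */
    printf("buggy, len=18: overflow=%d\n",
           overflows(join_names_buggy, 18, SAMPLE_NAMES, SAMPLE_COUNT));
    printf("fixed, len=18: overflow=%d\n",
           overflows(join_names_fixed, 18, SAMPLE_NAMES, SAMPLE_COUNT));
    return 0;
}
```

The sentinel lives inside a larger array so the demonstration is well defined; against a caller's exactly sized buffer the same write is the overflow. The corrected check also means the result can be truncated at a name boundary, so callers of any such helper should treat a shorter-than-expected list as truncation rather than as the complete shared set.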

Changed in openssl:
assignee: nobody → ubuntu-security
Revision history for this message
Kees Cook (kees) wrote :

openssl (0.9.8e-5ubuntu2) gutsy; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

 -- Kees Cook <email address hidden> Fri, 28 Sep 2007 13:02:19 -0700

Changed in openssl:
status: New → Fix Released
Revision history for this message
Kees Cook (kees) wrote :

openssl (0.9.8c-4ubuntu0.1) feisty-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

 -- Kees Cook <email address hidden> Fri, 28 Sep 2007 13:02:19 -0700

Revision history for this message
Scott Kitterman (kitterman) wrote :

This issue was not corrected before openssl097 was uploaded to the partner repository.

Changed in openssl097:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in openssl:
status: New → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking Invalid as openssl097 is not in Gutsy (partner or otherwise).

Changed in openssl097:
status: New → Invalid
status: Confirmed → Invalid
status: New → Confirmed
status: New → Confirmed
Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so an SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in openssl097:
status: Confirmed → Won't Fix
Changed in openssl:
status: New → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

This was fixed for dapper's openssl package in openssl 0.9.8a-7ubuntu0.4 (see http://www.ubuntu.com/usn/usn-522-1), closing that task.

Changed in openssl (Ubuntu Dapper):
status: New → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in openssl097 (Ubuntu Dapper):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
