Bug 890767 (CVE-2014-3505) - VUL-0: CVE-2014-3505: openssl: Double Free when processing DTLS packets
Summary: VUL-0: CVE-2014-3505: openssl: Double Free when processing DTLS packets
Status: RESOLVED FIXED
Alias: CVE-2014-3505
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-09-11
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp3:58559 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-07 07:22 UTC by Alexander Bergmann
Modified: 2014-12-09 09:39 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
CVE-2014-3505 fix for the 0.9.8 branch. (1.50 KB, patch)
2014-08-07 13:13 UTC, Alexander Bergmann 		Details | Diff
CVE-2014-3505 fix for the 1.0.1 branch. (1.50 KB, patch)
2014-08-07 13:13 UTC, Alexander Bergmann 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2014-08-07 07:22:12 UTC 
This CVE was part of the OpenSSL Security Advisory [6 Aug 2014] (bnc#Bug 890759).

Double Free when processing DTLS packets (CVE-2014-3505)
========================================================

An attacker can force an error condition which causes openssl to crash whilst
processing DTLS packets due to memory being freed twice. This can be exploited
through a Denial of Service attack.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.

Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and
researching this issue. This issue was reported to OpenSSL on 6th June
2014.

The fix was developed by Adam Langley.
Comment 1 Alexander Bergmann 2014-08-07 13:13:04 UTC 
Created attachment 601514 [details]
CVE-2014-3505 fix for the 0.9.8 branch.
Comment 2 Alexander Bergmann 2014-08-07 13:13:35 UTC 
Created attachment 601515 [details]
CVE-2014-3505 fix for the 1.0.1 branch.
Comment 3 Swamp Workflow Management 2014-08-07 22:00:44 UTC 
bugbot adjusting priority
Comment 4 SMASH SMASH 2014-08-08 09:01:50 UTC 
Affected packages:

SLE-10-SP3-TERADATA: openssl
SLE-11-SP1: openssl
SLE-11-SP3: openssl, openssl1
Comment 5 Swamp Workflow Management 2014-08-08 14:36:12 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-08-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58532
Comment 9 Vítězslav Čížek 2014-08-14 10:40:54 UTC 
All packages have been submitted.
Reassigning back to security-team.
Comment 11 Swamp Workflow Management 2014-08-18 22:04:48 UTC 
SUSE-SU-2014:1033-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 889812,890764,890767,890768,890769,890770
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-5139
Sources used:
SUSE Linux Enterprise Security Module 11 SP3 (src):    openssl1-1.0.1g-0.20.1
Comment 12 Swamp Workflow Management 2014-08-20 23:04:41 UTC 
SUSE-SU-2014:1049-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 890764,890767,890768,890769,890770
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3510
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    openssl-0.9.8j-0.62.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    openssl-0.9.8j-0.62.1
SUSE Linux Enterprise Server 11 SP3 (src):    openssl-0.9.8j-0.62.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    openssl-0.9.8j-0.62.1
Comment 13 Swamp Workflow Management 2014-08-21 14:05:22 UTC 
openSUSE-SU-2014:1052-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 890764,890765,890766,890767,890768,890769,890770,890771,890772
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-5139
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1i-11.52.1
openSUSE 12.3 (src):    openssl-1.0.1i-1.64.1
Comment 14 Swamp Workflow Management 2014-08-28 12:19:14 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-09-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58762
Comment 16 Marcus Meissner 2014-09-09 16:01:45 UTC 
released ltss updates
Comment 17 Swamp Workflow Management 2014-09-09 23:06:17 UTC 
SUSE-SU-2014:1104-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 890764,890767,890768,890769,890770
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3510
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    openssl-0.9.8j-0.62.3
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    openssl-0.9.8j-0.62.3
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    openssl-0.9.8a-18.84.5
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    openssl-0.9.8a-18.45.79.3
Comment 18 Swamp Workflow Management 2014-09-23 23:05:41 UTC 
SUSE-SU-2014:1208-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 859228,859924,860332,862181,870192,890764,890767,890768,890769,890770
CVE References: CVE-2014-0076,CVE-2014-0221,CVE-2014-0224,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3510
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.62.3
SUSE Manager 1.7 for SLE 11 SP2 (src):    openssl-0.9.8j-0.62.3