890766 – (CVE-2014-3509) VUL-0: CVE-2014-3509: openssl: Race condition in ssl_parse_serverhello_tlsext

Bug 890766 (CVE-2014-3509) - VUL-0: CVE-2014-3509: openssl: Race condition in ssl_parse_serverhello_tlsext

Summary: VUL-0: CVE-2014-3509: openssl: Race condition in ssl_parse_serverhello_tlsext

Status:	RESOLVED FIXED

Alias:	CVE-2014-3509

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2014-09-11
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	.
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-08-07 07:22 UTC by Alexander Bergmann
Modified:	2014-09-24 07:37 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2014-3509 fix for the 1.0.1 branch. (1.68 KB, patch) 2014-08-07 13:20 UTC, Alexander Bergmann	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2014-08-07 07:22:07 UTC

This CVE was part of the OpenSSL Security Advisory [6 Aug 2014] (bnc#Bug 890759).

Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
==============================================================

If a multithreaded client connects to a malicious server using a resumed
session
and the server sends an ec point format extension it could write up to 255
bytes
to freed memory.

OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
issue. This issue was reported to OpenSSL on 8th July 2014.

The fix was developed by Gabor Tyukasz.

Comment 1 Alexander Bergmann 2014-08-07 13:20:13 UTC

Created attachment 601523 [details]
CVE-2014-3509 fix for the 1.0.1 branch.

Comment 2 Swamp Workflow Management 2014-08-07 22:00:38 UTC

bugbot adjusting priority

Comment 3 SMASH SMASH 2014-08-08 09:02:03 UTC

Affected packages:

SLE-10-SP3-TERADATA: openssl
SLE-11-SP1: openssl
SLE-11-SP3: openssl, openssl1

Comment 4 Swamp Workflow Management 2014-08-08 14:37:41 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-08-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58532

Comment 6 Vítězslav Čížek 2014-08-14 10:41:51 UTC

All packages have been submitted.
Reassigning back to security-team.

Comment 7 Swamp Workflow Management 2014-08-21 14:05:07 UTC

openSUSE-SU-2014:1052-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 890764,890765,890766,890767,890768,890769,890770,890771,890772
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-5139
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1i-11.52.1
openSUSE 12.3 (src):    openssl-1.0.1i-1.64.1

Comment 8 Swamp Workflow Management 2014-08-28 12:20:32 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-09-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58762

Comment 9 Marcus Meissner 2014-09-11 07:35:54 UTC

released