890765 – (CVE-2014-5139) VUL-0: CVE-2014-5139: openssl: Crash with SRP ciphersuite in Server Hello message

Bug 890765 (CVE-2014-5139) - VUL-0: CVE-2014-5139: openssl: Crash with SRP ciphersuite in Server Hello message

Summary: VUL-0: CVE-2014-5139: openssl: Crash with SRP ciphersuite in Server Hello mes...

Status:	RESOLVED FIXED
Duplicates (1):	CVE-2014-2970 (view as bug list)

Alias:	CVE-2014-5139

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2014-09-11
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	.
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-08-07 07:22 UTC by Alexander Bergmann
Modified:	2014-09-24 07:37 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2014-5139 fix for the 1.0.1 branch. (1.70 KB, patch) 2014-08-07 13:37 UTC, Alexander Bergmann	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2014-08-07 07:22:03 UTC

This CVE was part of the OpenSSL Security Advisory [6 Aug 2014] (bnc#Bug 890759).

Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
==================================================================

The issue affects OpenSSL clients and allows a malicious server to crash
the client with a null pointer dereference (read) by specifying an SRP
ciphersuite even though it was not properly negotiated with the client. This
can
be exploited through a Denial of Service attack.

OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.

Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering
and
researching this issue. This issue was reported to OpenSSL on 2nd July 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Comment 1 Alexander Bergmann 2014-08-07 13:37:52 UTC

Created attachment 601532 [details]
CVE-2014-5139 fix for the 1.0.1 branch.

Comment 2 Swamp Workflow Management 2014-08-07 22:00:31 UTC

bugbot adjusting priority

Comment 3 SMASH SMASH 2014-08-08 09:00:23 UTC

Affected packages:

SLE-10-SP3-TERADATA: openssl
SLE-11-SP1: openssl
SLE-11-SP3: openssl, openssl1

Comment 4 Swamp Workflow Management 2014-08-08 14:36:45 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-08-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58532

Comment 6 Marcus Meissner 2014-08-13 14:04:26 UTC

*** Bug 886831 has been marked as a duplicate of this bug. ***

Comment 7 Vítězslav Čížek 2014-08-14 10:42:52 UTC

All packages have been submitted.
Reassigning back to security-team.

Comment 8 Swamp Workflow Management 2014-08-21 14:04:54 UTC

openSUSE-SU-2014:1052-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 890764,890765,890766,890767,890768,890769,890770,890771,890772
CVE References: CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-5139
Sources used:
openSUSE 13.1 (src):    openssl-1.0.1i-11.52.1
openSUSE 12.3 (src):    openssl-1.0.1i-1.64.1

Comment 9 Swamp Workflow Management 2014-08-28 12:19:33 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2014-09-11.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/58762

Comment 10 Marcus Meissner 2014-09-11 07:35:43 UTC

released