'Severe Bug' To Be Patched In OpenSSL 69
An anonymous reader writes: The Register reports that upcoming OpenSSL versions 1.0.2d and 1.0.1p are claimed to fix a single security defect classified as "high" severity. It is not yet known what this mysterious vulnerability is — that would give the game away to attackers hoping to exploit the hole before the patch is released to the public. Some OpenSSL's examples of "high severity" vulnerabilities are a server denial-of-service, a significant leak of server memory, and remote code execution. If you are a system administrator, get ready to patch your systems this week. The defect does not affect the 1.0.0 or 0.9.8 versions of the library.
thanks Hacked Team! (Score:5, Funny)
Security! (Score:5, Funny)
Always keep your software up-to-date for security reasons!
Unless of course the up-to-date versions are less secure than the old versions...
Re: (Score:1)
The major differences between the 1.0.0, 1.0.1 and 1.0.2 branches is the addition of features (as can be seen here: https://en.wikipedia.org/wiki/... [wikipedia.org]). This means that the vulnerability is likely to be in one of those new features, rather than in the older code. It also illustrates the old adage that every feature is just an unexploited code path.
Re: (Score:2)
This is not the first time that has happened either. Making me think the same thing.
Good to hear your satire inoculation is working.
Re: (Score:2)
The 1.0.0 and 0.9.8 version of openssl do not have support for TLS 1.1 or 1.2.
If you want to stick to using SSLV3 and TLS 1.0, good luck to you. Have you heard of the POODLE attack [wikipedia.org]?
Re: (Score:2)
Always keep your software up-to-date for security reasons!
I hear the NSA have taken over development of OpenSSL. Oh look.... a new patch...
boring boring boring booooooooooring (Score:2, Insightful)
So tired of these pre-announcements. What's next, pre-pre-announcements? Just publish already, doofuses.
Re:boring boring boring booooooooooring (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
Sorry, the pre-announcement does have a point - if the security hole is major, then you want admins to be ready to patch their systems pretty much immediately.
If you just released the "fixed" version together with a description of the vulnerability - it might give extra time to potential attackers to figure out how to exploit the problem before an admin becomes aware that there even IS a new version.
In this case, the certificate verification might not have sounded like a big thing to you - but think where c
Use the diffs (Score:2)
I guess you could use the diffs to find the hole.
Re: (Score:3, Interesting)
Well lets assume it's the PSK allowing the buffer overflow
We can see the fix here [github.com], so lets look at the code they are replacing.. specifically:
- s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
- if (s->ctx->psk_identity_hint == NULL) {
+ s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+ if (s->session->psk_identity_hint == NULL) {
Looks like they went from strdup() to strndup(). Lets look when strdup() was introduced
git grep "BUF_strdup(" $(git rev-list --all) | g
Re: (Score:2)
PAE and x86-64 and probably other CPUs now have page table flags for protecting against buffer overrun by non-executable, readonly memory sections and such. An overrun will cause a segfault rather than an actual overrun. This significantly improve things. So what is the status of this in major Linux distros?
Re: (Score:2)
You are right. Data could also be leaked, which would be awful. Guard pages are another feature often used, when a buffer overflow occurs it would often hit the guard page which being unallocated space will segfault, but its not perfect. Its a lot easier to protect code than it is to protect data.
Re: Sick of this shit (Score:1)
Rust? The language that hit 1.0 only about two months ago, so very long after it was first promised? The language with only one quasi-usable implementation? The language whose one quasi-usable implementation is riddled with bugs (its GitHub isse tracker is full of them)? The language that hasn't been used for anything significant, other than its own bug-riddled quasi-usable implementation? The language that is more hype than substance? The language that the Ruby on Rails fanboys jumped ship to after Rails a
Monoculture... (Score:5, Interesting)
Do what Amazon did... (Score:4, Interesting)
Offer up a version of the the package that is small enough to be audited in detail so that there are very very very few bugs with it.
I think they said they had it down to 6k? So do that. Obviously that strips out a lot of features people like. So decide what is more important to you.
security or covering your car with stickers and truck nuts.
good security has to be simple. you get complicated and you get something that can't be fully understood well enough to debug.
Re: (Score:1)
Amazon's s2n repo is cool, but it's only a lightweight TLS library. It does not have the crypto routines included and instead relies upon other libraries for that. It can use OpenSSL, LibreSSL, or some others... it would be nice if they just stripped OpenSSL down to a few crypto and hash sets as a light crypto package too.
Re: (Score:2)
Offer up a version of the the package that is small enough to be audited in detail so that there are very very very few bugs with it.
I think they said they had it down to 6k?
Amazon's package depends on OpenSSL. What they've essentially done is to build an OpenSSL version that's 6k bigger than the existing monster.
Re: (Score:2)
Only aspects of it and they can use other liberaries if they want.
The point remains that the code base can be simplified.
A big issue I see with a lot of these projects is that they get too complicated. Rather than adding new features they should simply compartmentalize the code so that portions of it can do these things but they exist at seperately audited components... and should only be used if actually needed.
I've no interest in getting involved in a tit for tat with you. We know there are problems maint
Re: (Score:2)
A "Sophie's Choice," if ever there was one.
No more! (Score:5, Interesting)
Every software developer, please stop using OpenSSL. It was crap then, it is crap now and it will be crap tomorrow. And LibreSSL is not the solution. You can't turn crap into something nice. You want a decent SSL library, try mbed TLS [mbed.org]. Unlike OpenSSL, this library has good documentation (example programs included), has a logical and sane API (no ugly callback shit) and its code is clean and secure.
I switched from OpenSSL to mbed TLS (named PolarSSL back then) in my open source project [hiawatha-webserver.org] some time ago. I should have done it more early! The migration was easy and only cost me a few days. So, stop punishing yourself and give mbed TLS a try. You won't regret it!!
Disclaimer:
No, I'm in no way connected to mbed TLS. Just a happy mbed TLS user who doesn't understand why people keep on torturing themselves and their users.
Re:No more! (Score:4, Informative)
Re: (Score:2)
It can be GPLv3 too, so that's OK.
Re: (Score:2)
GPLv2 (not LGPL) will be a big showstopper for some projects.
So those open source projects that ensure that code is contributed back to the community, will enjoy this code contribution and be secure. GPL cuts both ways, sure, and I'm actually glad that the secure option requires code to be contributed back.
Re: (Score:2, Insightful)
How about this: mbed TLS is under either a pay-for commercial license or the GPL, none of which are suitable to everyone's need, as opposed to Open/LibreSSL BSD or BSD-like licenses.
Granted they have a disclaimer at the end about "FOSS License Exception" that makes it *seem* like you can at least use it with most FOSS. But for proprietary software, nothing beats BSD, Apache and the likes.
This being said, thanks, I'll take a look at it next time I need a TLS library for an open source project.
Re: (Score:2)
Before complaining about mbed TLS's GPLv2 license, you should probably be aware that OpenSSL uses its own application-specific license, which is not OSI approved. The license contains an advertising clause similar to the original BSD license; that makes OpenSSL both GPL-incompatible [gnome.org] and a general PITA to work with.
In fact, I'd wager that almost every time OpenSSL is redistributed, it's done in violation of the license. When was the last time you saw a product advertising that "This product includes softwa
Re: (Score:2)
You can't turn crap into something nice.
Yes you can.
OpenSSL has good implementations of the core algorithms surrounded by a mountain of crap. LibreSSL strips that out leaving a goo, solid system.
Re: (Score:1)
LibreSSL strips that out leaving a goo, solid system.
Incredible how human brain and subconscious will speak the truth even if the human attached to the brain is not aware of it.
Re: (Score:1)
Mmm... free goo.
Re: (Score:3)
FIPS certification (Score:2)
The comment title says it all. Many developers don't torture themselves. Other people do the torturing by specifying OpenSSL effectively as a requirement. mbed TLS is not FIPS compliant based on a quick google search.
Re: FIPS certification (Score:2)
Re: (Score:2)
Regulations and certification rarely make sense.
Re: (Score:2)
Every software developer, please stop using OpenSSL
It was crap then, it is crap now and it will be crap tomorrow. And LibreSSL is not the solution. You can't turn crap into something nice.
You need to provide a coherent reason if you want people to do what you ask. "Cuz it's crap" does not convey objectively useful information.
You want a decent SSL library, try mbed TLS.
Lost me at GPL. Lack of SRP and DTLS also deal breakers.
No, I'm in no way connected to mbed TLS. Just a happy mbed TLS user who doesn't understand why people keep on torturing themselves and their users.
I'm happy it works for you.
Re: (Score:2)
with a solid foundation of systemd under it, openssl can be robust, secure and unstoppable!
Hu? (Score:1)
We, Gods of OpenSSL (Score:2)
We, Gods of OpenSSL are announcing that there will be a patch in 2 days. We will not tell you what it is as you could patch it yourself or use any of the forks that we dislike like LibreSSL. Surely we will not reveal what it is as bad people could use it (trust us, we tell you they cannot already). The only thing we will say is that it was introduced after 1.0.0,so we are sure you won't find out and that The Big Vendors who pay us will be able to deliver a patch when they are ready. And bad guys won't be ab
Wanna know the vulnerability? (Score:1)
Re: Wanna know the vulnerability? (Score:2)
better cancel your weekend plans (Score:1)
Mysterious?!! (much ado about nothing) (Score:2)
When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. [mitre.org]
original advisory [openssl.org] Hidden in plain sight. (sigh)
Isn't The Register a news satire site? [if not it needs reclassifying]