{"id":"MGASA-2015-0022","summary":"Updated openssl packages fix security vulnerabilities","details":"A carefully crafted DTLS message can cause a segmentation fault in\nOpenSSL due to a NULL pointer dereference. This could lead to a Denial\nOf Service attack (CVE-2014-3571).\n\nA memory leak can occur in the dtls1_buffer_record function under\ncertain conditions. In particular this could occur if an attacker\nsent repeated DTLS records with the same sequence number but for the\nnext epoch. The memory leak could be exploited by an attacker in a\nDenial of Service attack through memory exhaustion (CVE-2015-0206).\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello\nis received the ssl method would be set to NULL which could later\nresult in a NULL pointer dereference (CVE-2014-3569).\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange\nmessage is omitted. This effectively removes forward secrecy from\nthe ciphersuite (CVE-2014-3572).\n\nAn OpenSSL client will accept the use of an RSA temporary key in\na non-export RSA key exchange ciphersuite. A server could present\na weak temporary key and downgrade the security of the session\n(CVE-2015-0204).\n\nAn OpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This effectively\nallows a client to authenticate without the use of a private key. This\nonly affects servers which trust a client certificate authority which\nissues certificates containing DH keys: these are extremely rare and\nhardly ever encountered (CVE-2015-0205).\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the signature\nalgorithm or the encoding of the signature, it is possible to change\nthe certificate's fingerprint. This does not allow an attacker to\nforge certificates, and does not affect certificate verification or\nOpenSSL servers/clients in any other way. It also does not affect\ncommon revocation mechanisms. Only custom applications that rely\non the uniqueness of the fingerprint (e.g. certificate blacklists)\nmay be affected (CVE-2014-8275).\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way,\nthough its exact impact is difficult to determine (CVE-2014-3570).\n\nThe updated packages have been upgraded to the 1.0.1k version where\nthese security flaws have been fixed.\n","modified":"2026-04-16T06:22:59.006977121Z","published":"2015-01-11T19:54:28Z","upstream":["CVE-2014-3569","CVE-2014-3570","CVE-2014-3571","CVE-2014-3572","CVE-2014-3575","CVE-2014-8275","CVE-2015-0204","CVE-2015-0205","CVE-2015-0206"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0022.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14987"},{"type":"WEB","url":"https://www.openssl.org/news/secadv_20150108.txt"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A019/"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1k-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0022.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}