Bug 1093837 (CVE-2014-0198)
Summary: | CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Kurt Seifried <kseifried>
Assignee: | Red Hat Product Security <security-response-team>
CC: | aavati, abaron, acathrow, aneelica, anil.saldhana, aortega, apevec, ayoung, bazulay, carnil, cdewolf, cfergeau, chrisw, cpelland, dallan, darran.lofthouse, dblechte, dgregor, erik-fedora, fdeutsch, fnasser, gkotton, huwang, idith, iheim, jawilson, jboggs, jclere, jdoyle, jgreguske, jkurik, jrusnack, ktietz, lfarkas, lgao, lhh, markmc, myarboro, nlevinki, pgier, pmatouse, pslavice, rbryant, rfortier, rhos-maint, rhs-bugs, rh-spice-bugs, rjones, rsvoboda, sclewis, ssaha, tmraz, vbellur, vtunka, weli, yeylon
Keywords: | Security
Fixed In Version: | openssl 1.0.1h, openssl 1.0.0m
Doc Type: | Bug Fix
Last Closed: | 2014-06-11 05:27:28 UTC
Bug Depends On: | 1096233, 1096234, 1103604, 1103605, 1103632, 1103633, 1103741, 1104349, 1104350, 1127889
Bug Blocks: | 1093849, 1103601
Description
Kurt Seifried
2014-05-02 19:09:45 UTC
This issue can happen when SSL_MODE_RELEASE_BUFFERS mode is enabled.

Support for SSL_MODE_RELEASE_BUFFERS was only introduced upstream in OpenSSL version 1.0.0, so this does not affect openssl packages in Red Hat Enterprise Linux 5 and earlier.

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8671b89

In Red Hat Enterprise Linux 6, the only package that enabled SSL_MODE_RELEASE_BUFFERS is tog-pegasus. There are other packages in several layered products that run on top of Red Hat Enterprise Linux 6 - ruby193-ruby, nodejs, nodejs010-nodejs, haproxy15side. These are included in one or more of the following products: Red Hat Software Collections, Red Hat OpenShift Enterprise, and Red Hat Enterprise Linux - OpenStack Platform.

Statement: This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.

Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096233]

Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1096234]

OpenSSL upstream commit, as applied to 1.0.1 branch:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b107586

The fix is not needed for the master/1.0.2 branch, which already contains a different fix for the issue that upstream does not plan to backport to 1.0.1 and 1.0.0; see upstream bug for details.

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3ef477c

Fixed upstream in OpenSSL 1.0.1h and 1.0.0m.

External References:

https://www.openssl.org/news/secadv_20140605.txt

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2014:0625 https://rhn.redhat.com/errata/RHSA-2014-0625.html

This issue has been addressed in following products:

Red Hat Storage 2.1

Via RHSA-2014:0628 https://rhn.redhat.com/errata/RHSA-2014-0628.html

openssl-1.0.1e-38.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

openssl-1.0.1e-38.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

Red Hat Enterprise Linux 7

Via RHSA-2014:0679 https://rhn.redhat.com/errata/RHSA-2014-0679.html