As per the upstream advisory: A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. Acknowledgements: Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter of this issue.
Created attachment 901375 [details] Upstream patch
This issue was introduced upstream in version 0.9.8o via the following commit: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c713a4c https://rt.openssl.org/Ticket/Display.html?id=2230&user=guest&pass=guest Affected code does not exist in the openssl packages as shipped with Red Hat Enterprise Linux 5, which are based on upstream version 0.9.8e.
Fixed upstream in OpenSSL 1.0.1h, 1.0.0m and 0.9.8za. External References: https://www.openssl.org/news/secadv_20140605.txt
Upstream commits: OpenSSL-1.0.1: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3 OpenSSL-0.9.8: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=82ba68c42d6a9cf245afa489471005b2a0377c10
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0625 https://rhn.redhat.com/errata/RHSA-2014-0625.html
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1096233]
Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1096234]
This issue has been addressed in following products: Red Hat Storage 2.1 Via RHSA-2014:0628 https://rhn.redhat.com/errata/RHSA-2014-0628.html
Statement: This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.
openssl-1.0.1e-38.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
openssl-1.0.1e-38.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0679 https://rhn.redhat.com/errata/RHSA-2014-0679.html
Created mingw32-openssl tracking bugs for this issue: Affects: epel-5 [bug 1127888]