Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1152961 - (CVE-2014-3567) CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory lea...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20141015,repor...
: Security
Depends On: 1152854 1152855 1152856 1152857 1154551
Blocks: 1152790 1155552
  Show dependency treegraph
 
Reported: 2014-10-15 05:35 EDT by Huzaifa S. Sidhpurwala
Modified: 2018-07-18 10:32 EDT (History)
59 users (show)

See Also:
Fixed In Version: openssl 0.9.8zc, openssl 1.0.0o, openssl 1.0.1j
Doc Type: Bug Fix
Doc Text:
A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:1652 normal SHIPPED_LIVE Important: openssl security update 2014-10-16 14:59:13 EDT
Red Hat Product Errata RHSA-2014:1692 normal SHIPPED_LIVE Important: openssl security update 2014-10-22 17:15:52 EDT
Red Hat Product Errata RHSA-2015:0126 normal SHIPPED_LIVE Critical: rhev-hypervisor6 security update 2015-02-04 17:52:31 EST

  None (edit)
Description Huzaifa S. Sidhpurwala 2014-10-15 05:35:43 EDT 
OpenSSL upstream reported the following security flaw:

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

External Reference:

https://www.openssl.org/news/secadv_20141015.txt
Comment 3 Huzaifa S. Sidhpurwala 2014-10-15 10:24:25 EDT 
Statement:

This issue does not affect the version of openssl shipped with Red Hat Enterprise Linux 5; Red Hat JBoss Enterprise Application Server 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 because openssl-0.9.8e does not include support for session tickets.
Comment 5 Martin Prpič 2014-10-15 12:30:24 EDT 
IssueDescription:

A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server.
Comment 6 Tomas Hoger 2014-10-15 15:45:21 EDT 
Fixed upstream in OpenSSL versions 0.9.8zc, 1.0.0o and 1.0.1j:

https://www.openssl.org/news/secadv_20141015.txt
Comment 15 errata-xmlrpc 2014-10-16 11:00:09 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2014:1652 https://rhn.redhat.com/errata/RHSA-2014-1652.html
Comment 18 errata-xmlrpc 2014-10-22 13:16:54 EDT 
This issue has been addressed in the following products:

  Red Hat Storage 2.1

Via RHSA-2014:1692 https://rhn.redhat.com/errata/RHSA-2014-1692.html
Comment 19 errata-xmlrpc 2015-02-04 12:53:07 EST 
This issue has been addressed in the following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2015:0126 https://rhn.redhat.com/errata/RHSA-2015-0126.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.