PolarSSL security advisory 2011-01 [1] indicates that it is possible for an attacker to perform a man-in-the-middle attack during the Diffie-Hellman key exchange, forcing the calculation of a fully predictable Diffie-Hellman secret. The upstream advisory has a patch, and this is also corrected in version 0.14.2. [1] http://polarssl.org/trac/wiki/SecurityAdvisory201101
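For readers unfamiliar with why a missing peer-value check makes the secret predictable, the following is an added illustration (not PolarSSL's code and not the upstream patch). It shows the range check a Diffie-Hellman implementation applies to the public value received from the peer, and what an unchecked implementation derives when that value has been replaced with a degenerate one. The group parameters, exponents and function names are constructed for the example; a real deployment uses a standardized large group.

```python
"""
Added example, not PolarSSL's own code: validating the Diffie-Hellman public
value received from the peer before computing the shared secret.

If the value is not checked, a man-in-the-middle can substitute 0, 1 or p-1
for the peer's real public value; the victim's computed secret then no longer
depends on its own private exponent and is known to the attacker in advance.

Constructed parameters: P is the Mersenne prime 2**127 - 1 and G = 3. They are
chosen for readability only; standardized groups are far larger.
"""
import secrets

P = 2**127 - 1
G = 3


def verify_peer_public(y: int, p: int = P) -> bool:
    """Accept a peer public value only if 2 <= y <= p - 2.

    0, 1 and p - 1 all collapse the shared secret to a value independent of
    our private exponent; anything outside [0, p) is malformed. This is an
    assumed check in the spirit of the dhm_verifypub fix, not its exact logic.
    """
    return 2 <= y <= p - 2


def derive_shared_secret(peer_public: int, private_exp: int,
                         p: int = P, check: bool = True) -> int:
    """Return peer_public ** private_exp mod p.

    check=False reproduces the unchecked behaviour for demonstration only.
    """
    if check and not verify_peer_public(peer_public, p):
        raise ValueError("invalid Diffie-Hellman peer public value")
    return pow(peer_public, private_exp, p)


def generate_keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Return (private_exponent, public_value) with the exponent in [2, p-2]."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def honest_exchange(a: int, b: int, p: int = P, g: int = G) -> bool:
    """Both parties validate the received value and derive the same secret."""
    ya, yb = pow(g, a, p), pow(g, b, p)
    return derive_shared_secret(yb, a, p) == derive_shared_secret(ya, b, p)


def degenerate_secret(forged_public: int, private_exp: int, p: int = P) -> int:
    """What an implementation without the check derives for a forged value."""
    return derive_shared_secret(forged_public, private_exp, p, check=False)


if __name__ == "__main__":
    x, _ = generate_keypair()
    for forged in (0, 1, P - 1):
        print("forged value", forged, "-> unchecked secret", degenerate_secret(forged, x))
    print("honest exchange agrees:", honest_exchange(*[generate_keypair()[0] for _ in range(2)]))
    try:
        derive_shared_secret(1, x)
    except ValueError as err:
        print("checked implementation rejects it:", err)
```

With the check in place the substituted value is rejected before any secret is computed; without it, 0 and 1 always yield 0 and 1, and p-1 yields 1 or p-1 depending only on the parity of the private exponent.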
Created polarssl tracking bugs for this issue Affects: fedora-all [bug 705188]
I am quite sure this is the bug in 0.14.0 that was fixed in 0.14.1 (which included a change that was slightly different from the one in the advisory and was named dhm_verifypub). Vincent, do you think anything else remains to be done? I will update to 0.14.2 ASAP but as an ordinary update.
The upstream advisory is a bit confusing. It does indeed say 0.14.0 and earlier is vulnerable, has the patch applicable to 0.14.0, but says to upgrade to 0.14.2. It doesn't mention 0.14.1 at all. I'm not sure what that means. If the patch in question was applied to 0.14.1 (unstable release perhaps?) and that is what we currently provide, then I'm ok with it being a normal update. Was the only difference that they changed the function name from 0.14.1 to 0.14.2? Thanks.
This was assigned CVE-2011-1923.
http://polarssl.org/news says about 0.14.2: The original releases that included the security fix (0.14.1 and 0.99-pre2) have been revoked due to possible copyright issues.
Ahhh, thanks for that confirmation. I'll close these bugs then as they've been dealt with and are current in Fedora now (the fixed 0.14.1). Thanks!