-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2012-001 ================================= Topic: OpenSSL buffer overflow in DER read function Version: NetBSD-current: source prior to Apr 20th, 2012 NetBSD 6.0 Beta: affected NetBSD 5.0.*: affected NetBSD 5.0: affected NetBSD 5.1: affected NetBSD 4.0.*: affected NetBSD 4.0: affected Severity: remote DoS, information disclosure Fixed: NetBSD-current: Apr 19th, 2012 NetBSD 6.0 Beta: Apr 23rd, 2012 NetBSD-5-0 branch: Apr 21st, 2012 NetBSD-5-1 branch: Apr 21st, 2012 NetBSD-5 branch: Apr 21st, 2012 NetBSD-4-0 branch: May 11th, 2012 NetBSD-4 branch: May 11th, 2012 Please note that NetBSD releases prior to 4.0 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract ======== Incorrect integer conversions in OpenSSL DER buffer handling can result in memory corruption. This vulnerability has been assigned CVE-2012-2110. Technical Details ================= The openssl commit message to fix this issue is: check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. (CVE-2012-2110) Further information can be found at: http://www.openssl.org/news/secadv_20120419.txt http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Solutions and Workarounds ========================= Patch, recompile, and reinstall the library. File src/crypto/external/bsd/openssl/dist/crypto/mem.c CVS branch Rev. HEAD 1.2 netbsd-6 1.1.1.2.4.1 File src/crypto/external/bsd/openssl/dist/crypto/asn1/a_d2i_fp.c CVS branch Rev. HEAD 1.2 netbsd-6 1.1.1.1.8.1 File src/crypto/external/bsd/openssl/dist/crypto/buffer/buffer.c CVS branch Rev. HEAD 1.2 netbsd-6 1.1.1.2.4.1 File src/crypto/dist/openssl/crypto/mem.c CVS branch Rev. netbsd-5 1.1.1.8.4.1 netbsd-5-0 1.1.1.8.8.1 netbsd-5-1 1.1.1.8.12.1 netbsd-4 1.1.1.7.4.1 netbsd-4-0 1.1.1.7.14.1 File src/crypto/dist/openssl/crypto/asn1/a_d2i_fp.c CVS branch Rev. netbsd-5 1.1.1.3.26.1 netbsd-5-0 1.1.1.3.30.1 netbsd-5-1 1.1.1.3.34.1 netbsd-4 1.1.1.3.4.1 netbsd-4-0 1.1.1.3.14.1 File src/crypto/dist/openssl/crypto/buffer/buffer.c netbsd-5 1.1.1.5.4.1 netbsd-5-0 1.1.1.5.8.1 netbsd-5-1 1.1.1.5.12.1 netbsd-4 1.1.1.4.4.1 netbsd-4-0 1.1.1.4.14.1 Thanks To ========= Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley for fixing it. Revision History ================ 2012-06-06 Initial release More Information ================ Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2012-001.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ . Copyright 2012, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2012-001.txt,v 1.2 2012/06/06 19:46:15 tonnerre Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJPz7PrAAoJEAZJc6xMSnBuN4IP/3fAvQ4g3frJ1575eLaDcgKJ SIUWAbHtRhGMKFxFoX0lc5+zpcSzH76Em+Uuu48dhU7ohTCcJphod1oBtFj/PV0s I3Z8wuz6Rp6rnbp3hNVA7OLWnvq0M1Qs3qTUpL++8Ft//vc+xXsOy52SUMJ6fHwD R8FpdI2RTrNiY9oDKPZV1nd17SXWI/V8vLxztI10E41mRF4RiYNuGAPPUQs5fJwC jlMPKyfFpIST3k0kthKDWSYZGOrtN5eOMvdEkENZGdcwoRWdhZYMy3hMzdc8iIWB FbC6l69JHtYxABz/9JjdhVkYkgPz6zBp4xx3mZ7FQCA/1XX0GI1kqMN1muaDNQIW i9vhdEnMRGMega6RrSGgfH80EaBF/F/mzD5A/7A9kNpQGw/34Bt2KG/1JAywvj/i EIPi1DucV0uaOhSLhN4RXc+uC0DwzjhuOTa8rxLmEwFUKnd93bQCUw+8U5o2CNgE F9nK0l6dh9RvNAleg4p8aveJk6Cm2hJJKfNjsPCSc9vM3Rs2wwtJQ9bIIn6v9ndQ oDSHsZU+msrft0IA1P46MXRhiF8ez8JP5vhaQ/AM0CrjfvkcwOCE4yTc/22soiD8 RAB9CENHy3cfMmkReu2IXWnsovAKD3D61RXOrrnGAMZVgukLmX5fOPVQKGZNknBK 7UPOHuHe5Jo2UetAVTc3 =Yz6U -----END PGP SIGNATURE-----