| Description: | Summary:
The remote host is missing an update for the 'openssl' package(s) announced via the MGASA-2023-0130 advisory.
Vulnerability Insight:
A read buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to have
signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer. The read buffer overrun might result in a crash which could lead
to a denial of service attack. In theory it could also result in the
disclosure of private memory contents (such as private keys, or sensitive
plaintext) although we are not aware of any working exploit leading to
memory contents disclosure as of the time of release of this advisory. In
a TLS client, this can be triggered by connecting to a malicious server.
In a TLS server, this can be triggered if the server requests client
authentication and a malicious client connects. (CVE-2022-4203)
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across a
network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS
connection, RSA is commonly used by a client to send an encrypted
pre-master secret to the server. An attacker that had observed a genuine
connection between a client and a server could use this flaw to send trial
messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the
pre-master secret used for the original connection and thus be able to
decrypt the application data sent over that connection. (CVE-2022-4304)
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the 'name' (e.g. 'CERTIFICATE'), any header data and the payload
data. If the function succeeds then the 'name_out', 'header' and 'data'
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will
populate the header argument with a pointer to a buffer that has already
been freed. If the caller also frees this buffer then a double free will
occur. This will most likely lead to a crash. This could be exploited by
an attacker who has the ability to supply malicious PEM files for parsing
to achieve a denial of service attack. The functions PEM_read_bio() and
PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore
these functions are also directly affected. These functions are also
called indirectly by a number of other OpenSSL functions ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'openssl' package(s) on Mageia 8.
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
