SuSE Local Security Checks : openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.851187

Category: SuSE Local Security Checks

Title: openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)

Summary: The remote host is missing an update for the 'mbedtls'; package(s) announced via the referenced advisory.

Description: Summary:
The remote host is missing an update for the 'mbedtls'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for mbedtls fixes the following security and non-security
issues:

- Update to 1.3.15

* Fix potential double free if ssl_set_psk() is called more than once
and some allocation fails. Cannot be forced remotely. Found by Guido
Vranken, Intelworks.

* Fix potential heap corruption on windows when x509_crt_parse_path() is
passed a path longer than 2GB. Cannot be triggered remotely. Found by
Guido Vranken, Intelworks.

* Fix potential buffer overflow in some asn1_write_xxx() functions.
Cannot be triggered remotely unless you create X.509 certificates based
on untrusted input or write keys of untrusted origin. Found by Guido
Vranken, Intelworks.

* The x509 max_pathlen constraint was not enforced on intermediate
certificates. Found by Nicholas Wilson, fix and tests provided by
Janos Follath. #280 and #319

* Self-signed certificates were not excluded from pathlen counting,
resulting in some valid X.509 being incorrectly rejected. Found and
fix provided by Janos Follath. #319

* Fix bug causing some handshakes to fail due to some non-fatal alerts
not begin properly ignored. Found by mancha and Kasom Koht-arsa, #308

* Fix build error with configurations where ecdhe-psk is the only key
exchange. Found and fix provided by Chris Hammond. #270

* Fix failures in mpi on sparc(64) due to use of bad assembly code.
Found by Kurt Danielson. #292

* Fix typo in name of the extkeyusage oid. found by inestlerode, #314

* Fix bug in asn.1 encoding of booleans that caused generated ca
certificates to be rejected by some applications, including OS X
Keychain. Found and fixed by Jonathan Leroy, Inikup.

* Fix 'destination buffer is too small' error in cert_write program.
Found and fixed by Jonathan Leroy, Inikup.

- Update to 1.3.14

* Added fix for CVE-2015-5291 (boo#949380) to prevent heap corruption
due to buffer
overflow of the hostname or session ticket. Found by Guido Vranken,
Intelworks.

* Fix stack buffer overflow in pkcs12 decryption (used by
mbedtls_pk_parse_key(file)() when the password is 129 bytes. Found
by Guido Vranken, Intelworks. Not triggerable remotely.

* Fix potential buffer overflow in mbedtls_mpi_read_string(). Found by
Guido Vranken, Intelworks. Not exploitable remotely in the context
of TLS, but might be in other uses. On 32 bit machines, requires
reading a string of close to or larger than 1GB to exploit on 64 bit
machines, would require reading a string of close to or larger than
2^62 bytes.

* Fix potential random memory allocation in mbedtls_pem_read_buffer()
on crafted PEM input data. ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
mbedtls on openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5291
Debian Security Information: DSA-3468 (Google Search)
http://www.debian.org/security/2016/dsa-3468
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
https://security.gentoo.org/glsa/201706-18
https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
SuSE Security Announcement: openSUSE-SU-2015:2257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:2371 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html

Copyright Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.851187
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)
Summary:	The remote host is missing an update for the 'mbedtls'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'mbedtls' package(s) announced via the referenced advisory. Vulnerability Insight: This update for mbedtls fixes the following security and non-security issues: - Update to 1.3.15 * Fix potential double free if ssl_set_psk() is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. * Fix potential heap corruption on windows when x509_crt_parse_path() is passed a path longer than 2GB. Cannot be triggered remotely. Found by Guido Vranken, Intelworks. * Fix potential buffer overflow in some asn1_write_xxx() functions. Cannot be triggered remotely unless you create X.509 certificates based on untrusted input or write keys of untrusted origin. Found by Guido Vranken, Intelworks. * The x509 max_pathlen constraint was not enforced on intermediate certificates. Found by Nicholas Wilson, fix and tests provided by Janos Follath. #280 and #319 * Self-signed certificates were not excluded from pathlen counting, resulting in some valid X.509 being incorrectly rejected. Found and fix provided by Janos Follath. #319 * Fix bug causing some handshakes to fail due to some non-fatal alerts not begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 * Fix build error with configurations where ecdhe-psk is the only key exchange. Found and fix provided by Chris Hammond. #270 * Fix failures in mpi on sparc(64) due to use of bad assembly code. Found by Kurt Danielson. #292 * Fix typo in name of the extkeyusage oid. found by inestlerode, #314 * Fix bug in asn.1 encoding of booleans that caused generated ca certificates to be rejected by some applications, including OS X Keychain. Found and fixed by Jonathan Leroy, Inikup. * Fix 'destination buffer is too small' error in cert_write program. Found and fixed by Jonathan Leroy, Inikup. - Update to 1.3.14 * Added fix for CVE-2015-5291 (boo#949380) to prevent heap corruption due to buffer overflow of the hostname or session ticket. Found by Guido Vranken, Intelworks. * Fix stack buffer overflow in pkcs12 decryption (used by mbedtls_pk_parse_key(file)() when the password is 129 bytes. Found by Guido Vranken, Intelworks. Not triggerable remotely. * Fix potential buffer overflow in mbedtls_mpi_read_string(). Found by Guido Vranken, Intelworks. Not exploitable remotely in the context of TLS, but might be in other uses. On 32 bit machines, requires reading a string of close to or larger than 1GB to exploit on 64 bit machines, would require reading a string of close to or larger than 2^62 bytes. * Fix potential random memory allocation in mbedtls_pem_read_buffer() on crafted PEM input data. ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: mbedtls on openSUSE Leap 42.1 Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5291 Debian Security Information: DSA-3468 (Google Search) http://www.debian.org/security/2016/dsa-3468 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html https://security.gentoo.org/glsa/201706-18 https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/ SuSE Security Announcement: openSUSE-SU-2015:2257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:2371 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH