More OpenSSL security fixes

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Aug 7, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    OpenSSL Releases Security Update 
     
  2. guest

    guest Guest

    OpenSSL 3.0 Released (September 7, 2021)
    OpenSSL Blog entry
    Newslog
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 - 13 Sept 2021
    https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

    See also:
    DST Root CA X3 Expiration (September 2021)
    https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

    Read more at those sites!!
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL 3.0 LTS - Fri Mar 4 11:04:00 UTC 2022
    https://mta.openssl.org/pipermail/openssl-announce/2022-March/000215.html

    Edit: whoops, I forgot to give the link
     
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL Security Advisory [15 March 2022]
    https://www.openssl.org/news/vulnerabilities.html#CVE-2022-0778
    https://www.openssl.org/news/secadv/20220315.txt
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Cybersecurity Vendors Assessing Impact of Recent OpenSSL Vulnerability
    By Eduard Kovacs on March 31, 2022

     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL postponing the releases of 3.0.3 and 1.1.1o planned for today
    https://mta.openssl.org/pipermail/openssl-announce/2022-April/000221.html
    Tue Apr 26 12:42:43 UTC 2022
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL Security Advisory [21 June 2022]
    https://www.openssl.org/news/newslog.html
    https://www.openssl.org/news/secadv/20220621.txt

     
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL Security Advisory [05 July 2022] - one high and one moderate severity fix
    https://www.openssl.org/news/newslog.html

    https://www.openssl.org/news/secadv/20220705.txt

    Heap memory corruption with RSA private key operation (CVE-2022-2274)
    Severity: High

    The OpenSSL 3.0.4 release introduced a serious bug in the RSA
    implementation for X86_64 CPUs supporting the AVX512IFMA instructions.

    Users of the OpenSSL 3.0.4 version should upgrade to OpenSSL 3.0.5.
    OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

    =====

    AES OCB fails to encrypt some bytes (CVE-2022-2097)
    Severity: MODERATE

    AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
    implementation will not encrypt the entirety of the data under some
    circumstances.

    This issue affects versions 1.1.1 and 3.0.
    OpenSSL 1.1.1 users should upgrade to 1.1.1q
    OpenSSL 3.0 users should upgrade to 3.0.5
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  12. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    Just got the update for Linux Mint 20.3. :)
    (but not 1.1.1q)
    Code:
    openssl (1.1.1f-1ubuntu2.16) focal-security; urgency=medium
    
      * SECURITY UPDATE: AES OCB fails to encrypt some bytes
        - debian/patches/CVE-2022-2097-1.patch: fix AES OCB encrypt/decrypt for
          x86 AES-NI in crypto/aes/asm/aesni-x86.pl.
        - debian/patches/CVE-2022-2097-2.patch: add AES OCB test vectors in
          test/recipes/30-test_evp_data/evpciph.txt.
        - CVE-2022-2097
     
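    Added example (not code from the OpenSSL project or from any poster in this thread): a small Python checker that turns the affected-version ranges quoted in post 10 above (CVE-2022-2274 and CVE-2022-2097) into a lookup, and then handles the distro case nicolaasjan shows in post 12, where Ubuntu backported the CVE-2022-2097 fix but the upstream version string stayed at 1.1.1f. A plain version comparison therefore reports such a system as vulnerable; scanning the package changelog for the CVE id corrects that. The FIXES table is built only from the two advisories quoted above; the function names, the rule for folding OpenSSL 1.x letter suffixes into a number, and the changelog scan are assumptions of this example.

```python
"""Check an OpenSSL version string against the advisories quoted in this thread.

Added example, not OpenSSL project code. FIXES is constructed from the two
advisories quoted in post 10 (CVE-2022-2274, CVE-2022-2097); everything else
is an assumed practitioner-side helper.
"""
import re

# Affected ranges per CVE: a version v is affected when first_affected <= v < first_fixed.
FIXES = {
    "CVE-2022-2274": [("3.0.4", "3.0.5")],                       # introduced in 3.0.4 only
    "CVE-2022-2097": [("1.1.1", "1.1.1q"), ("3.0.0", "3.0.5")],  # 1.1.1 and 3.0 branches
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_version(text):
    """Parse 'OpenSSL 1.1.1f  31 Mar 2020', '3.0.5' or '1.1.1f-1ubuntu2.16' into a tuple.

    OpenSSL 1.x releases carry a letter suffix (1.1.1a .. 1.1.1z, then 1.1.1za ..),
    3.x releases are purely numeric. The suffix is folded into a fourth integer
    ('' -> 0, 'q' -> 17, 'zg' -> 26 + 7 = 33) so ordinary tuple comparison orders
    releases correctly. The first match wins, so a Debian revision such as
    '-1ubuntu2.16' is ignored.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letters = sum(ord(c) - ord("a") + 1 for c in m.group(4))
    return (major, minor, patch, letters)


def upstream_affected(version_text):
    """CVEs whose quoted affected range contains this upstream version."""
    v = parse_version(version_text)
    hits = []
    for cve, ranges in FIXES.items():
        if any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges):
            hits.append(cve)
    return sorted(hits)


def cves_in_changelog(changelog_text):
    """CVE ids mentioned in a Debian/Ubuntu changelog excerpt (e.g. from apt changelog)."""
    return set(CVE_RE.findall(changelog_text))


def effective_exposure(version_text, changelog_text=""):
    """Upstream-affected CVEs minus those the distro changelog says were backported.

    Distro security updates patch the source without bumping the upstream version,
    so the version string alone overstates exposure on such systems.
    """
    return sorted(set(upstream_affected(version_text)) - cves_in_changelog(changelog_text))


# Changelog excerpt as posted above for Ubuntu focal / Linux Mint 20.3 (trimmed).
UBUNTU_CHANGELOG = """\
openssl (1.1.1f-1ubuntu2.16) focal-security; urgency=medium

  * SECURITY UPDATE: AES OCB fails to encrypt some bytes
    - debian/patches/CVE-2022-2097-1.patch: fix AES OCB encrypt/decrypt for
      x86 AES-NI in crypto/aes/asm/aesni-x86.pl.
    - CVE-2022-2097
"""

if __name__ == "__main__":
    # Constructed sample 'openssl version' outputs.
    for sample in ("OpenSSL 1.1.1f  31 Mar 2020",
                   "OpenSSL 3.0.4 21 Jun 2022",
                   "OpenSSL 3.0.5 5 Jul 2022"):
        print(f"{sample!r:40} upstream-affected: {upstream_affected(sample)}")
    print("1.1.1f with Ubuntu backport        effective:",
          effective_exposure("1.1.1f-1ubuntu2.16", UBUNTU_CHANGELOG))
```

    On a Debian-derived system the changelog text would come from `apt changelog openssl` or `/usr/share/doc/openssl/changelog.Debian.gz`; the point of the second function is that the verdict must combine the upstream version with the distribution's own patch record, not rely on either alone.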
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Withdrawal of OpenSSL 3.0.6 and 1.1.1r - Matt Caswell - Wed Oct 12 14:23:38 UTC 2022

    https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html

    Quoting:

    "We have received a report of a significant regression in the latest
    3.0.6 and 1.1.1r versions. The regression is not thought to have
    security consequences. While the regression is further investigated we
    have taken the decision to withdraw the 3.0.6 and 1.1.1r versions and
    instead recommend that users remain on the previous 3.0.5 and 1.1.1q
    versions for now.

    We will issue a new plan for the release of 3.0.7 and 1.1.1s soon."
     
  14. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Forthcoming OpenSSL Releases

    https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
    Please note the word CRITICAL

    ==========

    Forthcoming OpenSSL Bug Fix Release

    https://mta.openssl.org/pipermail/openssl-announce/2022-October/000239.html
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    GlobalSign has put an urgent message on their site about the upcoming critical OpenSSL security fix:
    Urgent: Patch OpenSSL on November 1 to avoid “Critical” Security Vulnerability - October 28, 2022
    https://www.globalsign.com/en/blog/...ember-1-avoid-critical-security-vulnerability

    Read more there.

    =====

    Cisco article:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
    2022 October 28
    Version 1.0: Interim
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
  18. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Thanks Ron!

    More info also here:
    https://mta.openssl.org/pipermail/openssl-announce/2022-November/000243.html

    I give one quote because originally the severity was Critical and it has now been downgraded to High:
    There is discussion on many internet sites about this.

    =====

    There were two related issues:
    CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

    =====

    On github there is this list (I don't know how "accurate" it is though; things might change):
    Overview of software (un)affected by vulnerability
    https://github.com/NCSC-NL/OpenSSL-2022/tree/main/software

    ==========

    Let's not forget that there was also a fix for version 1.1.1:
    OpenSSL version 1.1.1s published
    https://mta.openssl.org/pipermail/openssl-announce/2022-November/000242.html
     
  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    There is a blog post by the OpenSSL Security Team explaining the situation - Nov 1st, 2022 3:00 pm
    CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
    https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

    Read more there!
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
  21. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    537
    Location:
    Australia
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Qualys blog - Travis Smith, VP, Malware Threat Research, Qualys - November 3, 2022
    OpenSSL Vulnerability Recap
    https://blog.qualys.com/vulnerabilities-threat-research/2022/11/03/openssl-vulnerability-recap

    Two quotes:
     
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    OpenSSL Security Advisory [13 December 2022]
    X.509 Policy Constraints Double Locking (CVE-2022-3996)
    https://www.openssl.org/news/secadv/20221213.txt

    Quoting:
    "Severity: Low"

    "If an X.509 certificate contains a malformed policy constraint and
    policy processing is enabled, then a write lock will be taken twice
    recursively. On some operating systems (most widely: Windows) this
    results in a denial of service when the affected process hangs. Policy
    processing being enabled on a publicly facing server is not considered
    to be a common setup."

    "OpenSSL versions 3.0.0 to 3.0.7 are vulnerable to this issue. However due
    to the low severity of this issue we are not creating a new release at
    this time. The mitigation for this issue can be found in commit 7725e7bfe."

    Read more there.

    See also https://mta.openssl.org/pipermail/openssl-announce/2022-December/000246.html
     
  24. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Forthcoming OpenSSL Releases - for 7 February 2023

    https://mta.openssl.org/pipermail/openssl-announce/2023-January/000248.html

    Quoting:

    "The OpenSSL project team would like to announce the forthcoming release
    of OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg. Note that OpenSSL 1.0.2
    is End Of Life and so 1.0.2zg will be available to premium support
    customers only.

    These releases will be made available on Tuesday 7th February 2023
    between 1300-1700 UTC.

    These are security-fix releases. The highest severity issue fixed in
    each of these three releases is High"

    ===

    Emphasis by me in that quote.
     
  25. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,934
    Location:
    North of the 38th parallel.
    Hello All:

    The following OpenSSL branches were updated on 07-February-2023.

    On a severity scale from “Low” to “Critical”, these updates are deemed “High”.
    1. 1.1.1 branch was updated to 1.1.1t

    2. 3.0 branch was updated to 3.0.8
    Newslog: https://www.openssl.org/news/newslog.html

    HTH
     