DigiCert Blog

OpenSSL Patches 14 Security Vulnerabilities

The vulnerabilities identified today do not affect SSL/TLS Certificates, but plan to patch your OpenSSL framework as soon as possible.

Early this morning, the OpenSSL project team released three security patches (1.1.0a, 1.0.2i, and 1.0.1u) for 14 security vulnerabilities discovered in OpenSSL. These three new patches fix one “high” severity, one “moderate” severity, and 12 “low” severity vulnerabilities.

None of these bugs affect your SSL/TLS Certificates, and no actions are required related to SSL/TLS Certificate management.

Source code for all the OpenSSL patches is available at OpenSSL Cryptography and SSL/TLS Toolkit.

For a full list of vulnerabilities, see the OpenSSL Security Advisory [22 Sep 2016].

About the High Severity Vulnerability

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

The OpenSSL Security Advisory reported one “high” severity vulnerability. An attacker first delivers a large “Online Certificate Status Protocol (OCSP) Status Request extension,” then requests renegotiation repeatedly, delivering a huge “OCSP Status Request extension” with each request and causing unbounded memory growth on the server. This continued renegotiation exhausts server memory, resulting in a Denial of Service (DoS) attack.

If you are running an instance of OpenSSL with a default configuration, you are vulnerable to this attack—even if that configuration does not support OCSP. However, if your instance is configured with the “no-ocsp” build time option, you are not vulnerable.

Note: If you are running an instance of OpenSSL 1.0.1 – 1.0.1f with a default configuration and have not enabled OCSP stapling support, then you are not vulnerable.

Update your instance(s) of OpenSSL:

  • OpenSSL 1.1.0 users need to upgrade to version 1.1.0a
  • OpenSSL 1.0.2 users need to upgrade to version 1.0.2i
  • OpenSSL 1.0.1 users need to upgrade to version 1.0.1u

About the Moderate Severity Vulnerability

SSL_peek() hang on empty record (CVE-2016-6305)

The “moderate” severity vulnerability reported by the OpenSSL Security Advisory is also a DoS issue. If an attacker delivers an empty message, OpenSSL 1.1.0 hangs when it makes a call to SSL_peek().

This vulnerability only affects those running an instance of OpenSSL 1.1.0.

Update your instance(s) of OpenSSL:

  • OpenSSL 1.1.0 users need to upgrade to version 1.1.0a

About the Low Severity Vulnerabilities

Two of the “low” severity vulnerabilities affect only instances of OpenSSL 1.1.0:

  • Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
    Note: DTLS users are not affected.
  • Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
    Note: TLS users are not affected.

Update your instance(s) of OpenSSL:

  • OpenSSL 1.1.0 users need to upgrade to version 1.1.0a

Ten of the “low” severity vulnerabilities affect only instances of OpenSSL 1.0.2 and 1.0.1:

  • SWEET32 Mitigation (CVE-2016-2183)
  • OOB write in MDC2_Update() (CVE-2016-6303)
  • Malformed SHA512 ticket DoS (CVE-2016-6302)
  • OOB write in BN_bn2dec() (CVE-2016-2182)
  • OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
  • Pointer arithmetic undefined behaviour (CVE-2016-2177)
  • Constant time flag not preserved in DSA signing (CVE-2016-2178)
  • Certificate message OOB reads (CVE-2016-6306)
  • DTLS buffered message DoS (CVE-2016-2179)
    Note: This only affects DTLS users
  • DTLS replay protection DoS (CVE-2016-2181)
    Note: This only affects DTLS users

Update your instance(s) of OpenSSL:

  • OpenSSL 1.0.2 users should upgrade to version 1.0.2i
  • OpenSSL 1.0.1 users should upgrade to version 1.0.1u

Upgrade to OpenSSL 1.0.2 or 1.1.0 Now

Only three months left until support for OpenSSL 1.0.1 ends on December 31, 2016. If you are running an instance of OpenSSL 1.0.1, make plans today to upgrade to the latest version of OpenSSL 1.1.0 (recommended) or 1.0.2.
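To triage a fleet against the fixed releases listed above, the following added example (not code from DigiCert or the OpenSSL project) classifies `openssl version` output by branch and letter release. The function names and sample strings are assumptions made for illustration.

```python
import re
import subprocess

# Fixed letter release per branch, as listed in the post above.
FIXED = {"1.1.0": "a", "1.0.2": "i", "1.0.1": "u"}
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Split '1.0.2h' (or full `openssl version` output) into ('1.0.2', 'h')."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return match.group(1), match.group(2)


def letter_rank(letters):
    # Letter releases sort '', a..z, then za, zb, ...: shorter suffix first.
    return (len(letters), letters)


def patch_status(text):
    """Return 'patched', 'needs-upgrade' or 'not-covered' for this advisory."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-covered"  # branch is not one of the three the post lists
    if letter_rank(letters) >= letter_rank(fixed):
        return "patched"
    return "needs-upgrade"


def ocsp_dos_in_default_config(text):
    """CVE-2016-6304 exposure in a default build, per the post's note:
    1.0.1 through 1.0.1f are only exposed if OCSP stapling was enabled."""
    branch, letters = parse_version(text)
    if patch_status(text) != "needs-upgrade":
        return False
    return not (branch == "1.0.1" and letter_rank(letters) <= letter_rank("f"))


if __name__ == "__main__":
    # Constructed sample strings, followed by the local binary if one exists.
    lines = ["OpenSSL 1.0.2h  3 May 2016", "OpenSSL 1.0.1e-fips 11 Feb 2013"]
    try:
        lines.append(subprocess.run(["openssl", "version"], capture_output=True,
                                    text=True).stdout.strip() or "0.0.0")
    except FileNotFoundError:
        pass  # no openssl binary on PATH; report the samples only
    for line in lines:
        print(line, patch_status(line), ocsp_dos_in_default_config(line))
```

Distribution packages often backport fixes without changing the upstream letter, so a "needs-upgrade" result on a vendor build is a prompt to check the vendor's advisory rather than proof of exposure. Applications that statically link or bundle their own OpenSSL are not covered by checking the system binary.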

Keeping Your OpenSSL Secure

Even though making patches takes time and energy, the OpenSSL community (comprised of devoted researchers and security experts working with online providers and open source developers) isn’t trying to make your job more difficult. Their job is to keep your supported versions of OpenSSL secure. The OpenSSL community works hard to find and fix vulnerabilities in the framework before attackers find and exploit them.

As soon as you’re done moaning and groaning, take the time to apply the latest patches and keep your OpenSSL code secure.


About Jason Sabin

DigiCert's Chief Security Officer, Jason Sabin, develops innovative products and features to simplify SAAS-based digital certificate management. Previously he oversaw Novell’s Security Review Board and built their first pen testing teams. He has filed over 50 patents, earning him the “Utah Genius” award.