Hello community, here is the log from the commit of package libopenssl0_9_8 for openSUSE:Factory checked in at Wed Sep 21 17:10:46 CEST 2011.
--------
--- libopenssl0_9_8/libopenssl0_9_8.changes 2010-12-09 06:00:19.000000000 +0100
+++ /mounts/work_src_done/STABLE/libopenssl0_9_8/libopenssl0_9_8.changes 2011-09-20 11:19:59.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Sep 20 09:18:23 UTC 2011 - gjhe@suse.com
+
+- fix bug[bnc#716144] - VUL-0: openssl ECDH crash.
+ CVE-2011-3210
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
CVE-2011-3210.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libopenssl0_9_8.spec ++++++
--- /var/tmp/diff_new_pack.w701fz/_old 2011-09-21 17:10:41.000000000 +0200
+++ /var/tmp/diff_new_pack.w701fz/_new 2011-09-21 17:10:41.000000000 +0200
@@ -35,6 +35,7 @@
 Patch0: merge_from_0_9_8k.patch
 Patch1: openssl-CVE-2010-0740.patch
 Patch2: CVE-2010-4180.patch
+Patch3: CVE-2011-3210.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Recommends: openssl-certs
@@ -59,6 +60,7 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++++++ CVE-2011-3210.patch ++++++
Index: openssl-0.9.8h/ssl/s3_lib.c
===================================================================
--- openssl-0.9.8h.orig/ssl/s3_lib.c
+++ openssl-0.9.8h/ssl/s3_lib.c
@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
 }
 #ifndef OPENSSL_NO_DH
 if (s->s3->tmp.dh != NULL)
+ {
 DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
 #endif
 #ifndef OPENSSL_NO_ECDH
 if (s->s3->tmp.ecdh != NULL)
+ {
 EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
 #endif
 rp = s->s3->rbuf.buf;
Index: openssl-0.9.8h/ssl/s3_srvr.c
===================================================================
--- openssl-0.9.8h.orig/ssl/s3_srvr.c
+++ openssl-0.9.8h/ssl/s3_srvr.c
@@ -712,6 +712,13 @@ int ssl3_check_client_hello(SSL *s)
 s->s3->tmp.dh = NULL;
 }
 #endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
 return 2;
 }
 return 1;
@@ -1316,7 +1323,6 @@ int ssl3_send_server_key_exchange(SSL *s
 if (s->s3->tmp.dh != NULL)
 {
- DH_free(dh);
 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1377,7 +1383,6 @@ int ssl3_send_server_key_exchange(SSL *s
 if (s->s3->tmp.ecdh != NULL)
 {
- EC_KEY_free(s->s3->tmp.ecdh);
 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1388,12 +1393,11 @@ int ssl3_send_server_key_exchange(SSL *s
 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 goto err;
 }
- if (!EC_KEY_up_ref(ecdhp))
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 {
 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 goto err;
 }
- ecdh = ecdhp;
 s->s3->tmp.ecdh=ecdh;
 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2247,6 +2251,12 @@ int ssl3_get_client_key_exchange(SSL *s)
 /* Get encoded point length */
 i = *p;
 p += 1;
+ if (n != 1 + i)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
 if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0)
 {
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
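Review bot: In the ssl3_clear() hunk of ssl/s3_lib.c the two added `= NULL` assignments are the substance of the change, yet nothing in the code says why the pointer has to be reset after the free. A one-line comment above each block, for example `/* drop the stale pointer so a later clear or free of this SSL cannot release the key twice */`, would keep the reset from being removed as redundant in a later cleanup. The same free-and-reset pair is added for ECDH in the ssl3_check_client_hello() hunk of ssl/s3_srvr.c, and the comment applies there as well. The rest of ssl3_clear() lies outside the hunk, so whether later code re-initialises `s->s3` as a whole cannot be seen from here.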
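Review bot: Replacing `EC_KEY_up_ref(ecdhp)` with `EC_KEY_dup(ecdhp)` in the `@@ -1388,12 +1393,11 @@` hunk of ssl3_send_server_key_exchange() changes `s->s3->tmp.ecdh` from a shared reference into a private copy, and that ownership change is not documented at the call. A comment such as `/* copy, do not share: tmp.ecdh is freed with this connection's state, independently of ecdhp */` would record it. Where `ecdhp` comes from and whether a fresh key pair is generated afterwards are outside the hunk; if the source key already carries a private key the copy presumably carries it too, which is worth confirming against the `SSL_OP_SINGLE_ECDH_USE` handling. The function starts and ends outside the hunk.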
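Review bot: The length check added in ssl3_get_client_key_exchange() reports a peer-supplied length mismatch as `ERR_R_EC_LIB`, which in an error log reads as a failure inside the EC library rather than as a malformed ClientKeyExchange. A reason code that names the cause, e.g. `SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);`, would let operators separate hostile or broken input from internal errors. The length byte is also read by `i = *p` before `n` is compared, and the hunk does not show whether an earlier branch guarantees `n >= 1` at this point, so that should be confirmed. A short comment like `/* message must be exactly one length byte plus the encoded point */` above the `if` would document the invariant; the enclosing block starts and ends outside the hunk.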