OpenSSL - Several vulnerabilities

  • CVE-2015-0291: [High severity] 19th March 2015


    ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. (original advisory). Reported by David Ramos (Stanford University).


    Fixed in OpenSSL 1.0.2a (Affected 1.0.2)


    CVE-2015-0290: [Moderate severity] 19th March 2015


    Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. (original advisory). Reported by Daniel Danner and Rainer Mueller.


    Fixed in OpenSSL 1.0.2a (Affected 1.0.2)


    More information: http://www.openssl.org/news/vulnerabilities.html