-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2882
                         polarssl security update
                             26 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           polarssl
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-9989 CVE-2018-9988 CVE-2018-0498
                   CVE-2018-0497 CVE-2013-0169

Reference:         ASB-2016.0054.2
                   ESB-2018.2775
                   ESB-2014.2485
                   ESB-2014.1820

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Package        : polarssl
Version        : 1.3.9-2.1+deb8u4
CVE ID         : CVE-2013-0169 CVE-2018-0497 CVE-2018-0498 CVE-2018-9988
                 CVE-2018-9989
Debian Bug     :

Two vulnerabilities were discovered in polarssl, a lightweight crypto and
SSL/TLS library (nowadays continued under the name mbedtls), which could
result in plaintext recovery via side-channel attacks. Two other minor
vulnerabilities were discovered in polarssl which could result in
arithmetic overflow errors.

CVE-2018-0497

    As a protection against the Lucky Thirteen attack, the TLS code for CBC
    decryption in encrypt-then-MAC mode performs extra MAC calculations to
    compensate for variations in message size due to padding. The amount of
    extra MAC calculation to perform was based on the assumption that the
    bulk of the time is spent in processing 64-byte blocks, which is
    correct for most supported hashes but not for SHA-384. Correct the
    amount of extra work for SHA-384 (and SHA-512, which is currently not
    used in TLS, and MD2, although no one should care about that). This is
    a regression fix for the original CVE-2013-0169 fix.
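The compensation described under CVE-2018-0497, as an added C example that is not polarssl/mbedtls code: it models the number of compression-function calls an HMAC's Merkle-Damgard hash makes, computes the dummy work needed so that MAC verification costs the same for every padding length, and shows that computing that dummy work with 64-byte-block/8-byte-length parameters leaves a padding-length signal when the MAC is SHA-384 (128-byte blocks, 16-byte length field). The 13-byte TLS MAC header and the hash parameters are the real values; the 400-byte record and MAC sizes are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Compression-function calls a Merkle-Damgard hash makes over len bytes:
 * the data, one 0x80 byte and the length field, padded up to a full block. */
static size_t md_compressions(size_t len, size_t block, size_t lenfield)
{
    return (len + 1 + lenfield + block - 1) / block;
}

/* Dummy compressions that lift the real MAC over (13 + msglen) bytes up to
 * the cost of a MAC over (13 + msglen + padlen) bytes. comp_block/comp_lenfield
 * are what the compensation ASSUMES about the hash; the CVE-2018-0497 bug was
 * assuming 64/8 for SHA-384, whose real values are 128/16. */
static size_t extra_run(size_t msglen, size_t padlen,
                        size_t comp_block, size_t comp_lenfield)
{
    return md_compressions(13 + msglen + padlen, comp_block, comp_lenfield)
         - md_compressions(13 + msglen, comp_block, comp_lenfield);
}

/* Total compressions for a decrypted record of `total` bytes carrying a
 * `maclen`-byte MAC and `padlen` padding bytes (length byte included);
 * block/lenfield are the MAC hash's real parameters. */
static size_t total_work(size_t total, size_t maclen, size_t padlen,
                         size_t block, size_t lenfield,
                         size_t comp_block, size_t comp_lenfield)
{
    size_t msglen = total - maclen - padlen;            /* bytes really MACed */
    return md_compressions(13 + msglen, block, lenfield)
         + extra_run(msglen, padlen, comp_block, comp_lenfield);
}

/* 1 if the work is identical for every padlen in [1, 256] (no padding-length
 * timing signal), 0 if some padding length costs a different amount. */
static int constant_work(size_t total, size_t maclen, size_t block,
                         size_t lenfield, size_t comp_block, size_t comp_lenfield)
{
    size_t ref = total_work(total, maclen, 1, block, lenfield, comp_block, comp_lenfield);
    for (size_t padlen = 2; padlen <= 256 && padlen + maclen <= total; padlen++)
        if (total_work(total, maclen, padlen, block, lenfield,
                       comp_block, comp_lenfield) != ref)
            return 0;
    return 1;
}

int main(void)
{   /* Constructed 400-byte record; SHA-256 MAC is 32 bytes, SHA-384 MAC is 48. */
    printf("SHA-256 MAC, 64/8 compensation:   %d\n", constant_work(400, 32, 64, 8, 64, 8));
    printf("SHA-384 MAC, 64/8 compensation:   %d\n", constant_work(400, 48, 128, 16, 64, 8));
    printf("SHA-384 MAC, 128/16 compensation: %d\n", constant_work(400, 48, 128, 16, 128, 16));
    return 0;
}
```

The middle case is the pre-fix situation: the receiver's total hashing work still depends on padlen, which is exactly the signal Lucky 13 measures.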
CVE-2018-0498

    The basis for the Lucky 13 family of attacks is for an attacker to be
    able to distinguish between (long) valid TLS-CBC padding and invalid
    TLS-CBC padding. Since our code sets padlen = 0 for invalid padding,
    the length of the input to the HMAC function gives information about
    that. Information about this length (modulo the MD/SHA block size) can
    be deduced from how much MD/SHA padding (this is distinct from TLS-CBC
    padding) is used. If MD/SHA padding is read from a (static) buffer, a
    local attacker could get information about how much is used via a
    cache attack targeting that buffer. Let's get rid of this buffer. Now
    the only buffer used is the internal MD/SHA one, which is always read
    fully by the process() function.

CVE-2018-9988

    Prevent arithmetic overflow on bounds check and add bound check before
    signature length read in ssl_parse_server_key_exchange().

CVE-2018-9989

    Prevent arithmetic overflow on bounds check and add bound check before
    length read in ssl_parse_server_psk_hint().

For Debian 8 "Jessie", these problems have been fixed in version
1.3.9-2.1+deb8u4.

We recommend that you upgrade your polarssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
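The bound-check pattern behind the CVE-2018-9988 and CVE-2018-9989 fixes in the bulletin above, as an added C example that is not polarssl's code: a parser for the 2-byte big-endian length-prefixed fields that carry the ServerKeyExchange signature and the PSK identity hint. It checks that the two length bytes are present before reading them and compares the bytes remaining against the claimed length instead of forming `p + len`, which can wrap. The error codes, function names and test buffers are the example's own.

```c
#include <stddef.h>
#include <stdio.h>

#define PARSE_OK         0      /* hypothetical codes, not polarssl's */
#define PARSE_TRUNCATED -1

/*
 * Shape of the vulnerable code the two CVE fixes replaced:
 *     len = (p[0] << 8) | p[1]; p += 2;   <- reads before checking 2 bytes remain
 *     if (p + len > end) ...              <- pointer sum can wrap past `end`
 * Hardened shape below: only ever subtract pointers that lie in the buffer.
 */
static int parse_len_prefixed(const unsigned char **p, const unsigned char *end,
                              const unsigned char **body, size_t *len)
{
    if (end - *p < 2)                        /* bound check BEFORE the length read */
        return PARSE_TRUNCATED;
    *len = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    if ((size_t)(end - *p) < *len)           /* remaining vs claimed; cannot overflow */
        return PARSE_TRUNCATED;
    *body = *p;
    *p += *len;
    return PARSE_OK;
}

/* Run the parser over a buffer; on PARSE_OK *out_len holds the field length. */
static int try_parse(const unsigned char *buf, size_t buflen, size_t *out_len)
{
    const unsigned char *p = buf, *end = buf + buflen, *body = NULL;
    return parse_len_prefixed(&p, end, &body, out_len);
}

int main(void)
{
    const unsigned char good[]      = {0x00, 0x03, 'a', 'b', 'c'};   /* constructed */
    const unsigned char overclaim[] = {0xff, 0xff, 'a'};             /* constructed */
    size_t n = 0;
    printf("good:      %d (len %zu)\n", try_parse(good, sizeof good, &n), n);
    printf("overclaim: %d\n", try_parse(overclaim, sizeof overclaim, &n));
    return 0;
}
```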
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----