openSUSE Security Update : mbedtls (openSUSE-2015-898)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for mbedtls fixes the following security and non-security
issues :

- Update to 1.3.15

- Fix potential double free if ssl_set_psk() is called
more than once and some allocation fails. Cannot be
forced remotely. Found by Guido Vranken, Intelworks.

- Fix potential heap corruption on Windows when
x509_crt_parse_path() is passed a path longer than 2GB.
Cannot be triggered remotely. Found by Guido Vranken,

- Fix potential buffer overflow in some asn1_write_xxx()
functions. Cannot be triggered remotely unless you
create X.509 certificates based on untrusted input or
write keys of untrusted origin. Found by Guido Vranken,

- The x509 max_pathlen constraint was not enforced on
intermediate certificates. Found by Nicholas Wilson, fix
and tests provided by Janos Follath. #280 and #319

- Self-signed certificates were not excluded from pathlen
counting, resulting in some valid X.509 being
incorrectly rejected. Found and fix provided by Janos
Follath. #319

- Fix bug causing some handshakes to fail due to some
non-fatal alerts not being properly ignored. Found by
mancha and Kasom Koht-arsa, #308

- Fix build error with configurations where ECDHE-PSK is
the only key exchange. Found and fix provided by Chris
Hammond. #270

- Fix failures in MPI on SPARC(64) due to use of bad
assembly code. Found by Kurt Danielson. #292

- Fix typo in name of the extKeyUsage OID. Found by
inestlerode, #314

- Fix bug in ASN.1 encoding of booleans that caused
generated CA certificates to be rejected by some
applications, including OS X Keychain. Found and fixed
by Jonathan Leroy, Inikup.

- Fix 'destination buffer is too small' error in
cert_write program. Found and fixed by Jonathan Leroy,

- Update to 1.3.14

- Added fix for CVE-2015-5291 (boo#949380) to prevent heap
corruption due to buffer overflow of the hostname or
session ticket. Found by Guido Vranken, Intelworks.

- Fix stack-based buffer overflow in PKCS12 decryption
(used by mbedtls_pk_parse_key(file)()) when the password
is > 129 bytes. Found by Guido Vranken, Intelworks. Not
triggerable remotely.

- Fix potential buffer overflow in
mbedtls_mpi_read_string(). Found by Guido Vranken,
Intelworks. Not exploitable remotely in the context of
TLS, but might be in other uses. On 32 bit machines,
requires reading a string of close to or larger than 1GB
to exploit; on 64 bit machines, would require reading a
string of close to or larger than 2^62 bytes.

- Fix potential random memory allocation in
mbedtls_pem_read_buffer() on crafted PEM input data.
Found and fix provided by Guido Vranken, Intelworks. Not
triggerable remotely in TLS. Triggerable remotely if you
accept PEM data from an untrusted source.

- Fix potential double-free if ssl_set_psk() is called
repeatedly on the same ssl_context object and some
memory allocations fail. Found by Guido Vranken,
Intelworks. Cannot be forced remotely.

- Fix possible heap buffer overflow in base64_encode()
when the input buffer is 512MB or larger on 32-bit
platforms. Found by Guido Vranken, Intelworks. Not
triggerable remotely in TLS.

- Fix potential heap buffer overflow in servers that
perform client authentication against a crafted CA cert.
Cannot be triggered remotely unless you allow third
parties to pick trust CAs for client auth. Found by
Guido Vranken, Intelworks.

- Fix compile error in net.c with musl libc. Found and
patch provided by zhasha (#278).

- Fix macroization of 'inline' keyword when building as
C++. (#279)

- Added checking of hostname length in ssl_set_hostname()
to ensure domain names are compliant with RFC 1035.

- Changes for 1.3.13

- Fix possible client-side NULL pointer dereference (read)
when the client tries to continue the handshake after it
failed (a misuse of the API). (Found and patch provided
by Fabian Foerg, Gotham Digital Science using afl-fuzz.)

- Add countermeasure against Lenstra's RSA-CRT attack for
PKCS#1 v1.5 signatures. (Found by Florian Weimer, Red

- Setting ssl_min_dhm_bytes in config.h had no effect
(overridden in ssl.h) (found by Fabio Solari) (#256)

- Fix bug in mbedtls_rsa_public() and
mbedtls_rsa_private() that could result in trying to unlock
an unlocked mutex on invalid input (found by Fredrik
Axelsson) (#257)

- Fix -Wshadow warnings (found by hnrkp) (#240)

- Fix unused function warning when using mbedtls_mdx_alt
or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)

- Fix memory corruption in pkey programs (found by
yankuncheng) (#210)

- Fix memory corruption on client with overlong PSK
identity, around SSL_MAX_CONTENT_LEN or higher - not
triggerable remotely (found by Aleksandrs Saveljevs)

- Fix off-by-one error in parsing supported point format
extension that caused some handshakes to fail.

- When verifying a certificate chain, if an intermediate
certificate is trusted, no later cert is checked.
(suggested by hannes-landeholm) (#220).

- Changes for 1.3.12

- Increase the minimum size of Diffie-Hellman parameters
accepted by the client to 1024 bits, to protect against
the Logjam attack.

- Increase the size of default Diffie-Hellman parameters
on the server to 2048 bits. This can be changed with

- Fix thread-safety issue in SSL debug module (found by
Edwin van Vliet).

- Some example programs were not built using make, not
included in Visual Studio projects (found by Kristian

- Fix build error with CMake and pre-4.5 versions of GCC
(found by Hugo Leisink).

- Fix missing -static-libgcc when building shared libraries
for Windows with make.

- Fix compile error with armcc5 --gnu.

- Add ssl_min_dhm_bytes configuration parameter in
config.h to choose the minimum size of Diffie-Hellman
parameters accepted by the client.

- The PEM parser now accepts a trailing space at end of
lines (#226).

Solution :

Update the affected mbedtls packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: SuSE Local Security Checks

Nessus Plugin ID: 87394

CVE ID: CVE-2015-5291
