Amazon Linux AMI update for openssl

Published: 2018-12-07 10:09:56 | Updated: 2018-12-07
Severity Medium
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-0495
CVE-2017-3735
CVE-2018-0739
CVSSv3 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID CWE-200
CWE-125
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software Amazon Linux AMI
Vulnerable software versions Amazon Linux AMI 2017.03
Vendor URL Amazon Web Services, Inc.

Security Advisory

1) Memory-cache side-channel attack

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.  A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks. 

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.

Remediation

Update the affected packages.

i686:
    openssl-static-1.0.2k-16.146.amzn1.i686
    openssl-1.0.2k-16.146.amzn1.i686
    openssl-devel-1.0.2k-16.146.amzn1.i686
    openssl-perl-1.0.2k-16.146.amzn1.i686
    openssl-debuginfo-1.0.2k-16.146.amzn1.i686

src:
    openssl-1.0.2k-16.146.amzn1.src

x86_64:
    openssl-perl-1.0.2k-16.146.amzn1.x86_64
    openssl-devel-1.0.2k-16.146.amzn1.x86_64
    openssl-1.0.2k-16.146.amzn1.x86_64
    openssl-static-1.0.2k-16.146.amzn1.x86_64
    openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64

External links

https://alas.aws.amazon.com/ALAS-2018-1102.html

2) Out-of-bounds read

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.

Remediation

Update the affected packages.

i686:
    openssl-static-1.0.2k-16.146.amzn1.i686
    openssl-1.0.2k-16.146.amzn1.i686
    openssl-devel-1.0.2k-16.146.amzn1.i686
    openssl-perl-1.0.2k-16.146.amzn1.i686
    openssl-debuginfo-1.0.2k-16.146.amzn1.i686

src:
    openssl-1.0.2k-16.146.amzn1.src

x86_64:
    openssl-perl-1.0.2k-16.146.amzn1.x86_64
    openssl-devel-1.0.2k-16.146.amzn1.x86_64
    openssl-1.0.2k-16.146.amzn1.x86_64
    openssl-static-1.0.2k-16.146.amzn1.x86_64
    openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64

External links

https://alas.aws.amazon.com/ALAS-2018-1102.html

3) Resource exhaustion

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to excessive stack memory consumption. A remote attacker can cause the service to crash.

Remediation

Update the affected packages.

i686:
    openssl-static-1.0.2k-16.146.amzn1.i686
    openssl-1.0.2k-16.146.amzn1.i686
    openssl-devel-1.0.2k-16.146.amzn1.i686
    openssl-perl-1.0.2k-16.146.amzn1.i686
    openssl-debuginfo-1.0.2k-16.146.amzn1.i686

src:
    openssl-1.0.2k-16.146.amzn1.src

x86_64:
    openssl-perl-1.0.2k-16.146.amzn1.x86_64
    openssl-devel-1.0.2k-16.146.amzn1.x86_64
    openssl-1.0.2k-16.146.amzn1.x86_64
    openssl-static-1.0.2k-16.146.amzn1.x86_64
    openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64

External links

https://alas.aws.amazon.com/ALAS-2018-1102.html

Back to List