New OpenSSL Security Advisory Announced

New submitter eyeareque writes: It's time to patch OpenSSL again. The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software. Personally I wish that OpenSSL released these in a predictable cadence. Patch Tuesday maybe?

Predictable cadence?

[mars-nl]

What's the use of a predictable cadence for security updates? Security vulnerabilities are not found on a schedule. Personally I want my updates ASAP. You can update when you want (but sooner is better for everyone).

Re:Predictable cadence?

[JSG]

"Security vulnerabilities are not found on a schedule."

Agreed. Still, at least we get silly names for OpenSSL vulns rather than simply just CVEs and KB numbers with descriptions that usually say something like "A vulnerability in stuff can cause your cat to spontaneously combust on wednesdays when the full moon is in venus. You may have to reboot your computer after applying this update."

Oh well, it's time to:
$sudo apt-get update && sudo apt-get upgrade
$sudo pacman -Syu
#emerge -uva --deep --newuse --keep-going @world
$sudo yum up

The third one above is my patch tuesday, wednesday and probably thursday 8) My laptop is starting to cook my bollocks, compiling LibreOffice.

Re:Predictable cadence?

[eyeareque]

It helps companies plan for downtime and patching. Right now they give you a three day notice and this only tells you "something is coming in three days" and maybe the severity. If you can plan it out it makes for a smoother fix process.

Re:Predictable cadence?

[Dutch+Gun]

You're obviously patching your own machine, not thousands of other people's machines, for whom any patch carries the risk of breaking mission-critical software and potentially costing your company millions of dollars in lots productivity per day. A predictable cadence is extremely useful for non-zero-day exploits, and even zero-day exploits if the risk is deemed acceptable or can otherwise be mitigated temporarily. The whole notion of a once-a-month patch schedule is entirely for the benefit of corporate customers, to make it easier to test and deploy those patches on a regular schedule.

Re:Predictable cadence?

[Dutch+Gun]

Personally, I've got four machines to patch (two Windows, one Mac, one Linux), and didn't mean to imply otherwise. It's rather common knowledge that "patch Tuesday" was started by MS in order to make things more convenient for corporate customers, instead of releasing patches on an ad hoc schedule.

Re:Predictable cadence?

[myowntrueself]

You're obviously patching your own machine, not thousands of other people's machines, for whom any patch carries the risk of breaking mission-critical software and potentially costing your company millions of dollars in lots productivity per day.

Not quite *any* patch.

Debian has a good reputation for not changing anything in a security patch other than the security vulnerability itself. Ie if the version of the software in the distribution is, say 1.0 then patching security updates will never change the version to 2.0. The patched version has exactly the same behaviors as the version its updating minus the security vulnerabilities. If you were somehow taking advantage of those vulnerabilities then, well, thats your problem. Also if you are mixing 3rd party non-Debian packaged software in, you are on your own there too. But a pure Debian server should be able to be apt-get upgraded with no problems.

(There was one time when the package maintainer of sudo _decided_ that the defaults for handling environment variables were 'unsecure' and changed them as a security update, which broke a lot of peoples shit. But that was a long time ago).

Re:Predictable cadence?

[thegarbz]

Or they could release a patch and companies can install it 3 days later. I don't understand why you would want to hold the patch back? It was a retarded concept when MS introduced it, but even now you can control the distribution of windows updates in a controlled manner throughout an organisation so even that has run its course.

Re:Predictable cadence?

[thegarbz]

What stops you from patching your machine in your own time?

Re:Predictable cadence?

[arglebargle_xiv]

I think it's a sign that there's something seriously wrong when people are requesting a regular release cadence to fix all the security holes in the software that's supposed to be protecting them from security problems...

ObXKCD.

Re:Predictable cadence?

[Demonoid-Penguin]

Personally, I've got four machines to patch (two Windows, one Mac, one Linux), and didn't mean to imply otherwise. It's rather common knowledge that "patch Tuesday" was started by MS in order to make things more convenient for corporate customers, instead of releasing patches on an ad hoc schedule.

As someone who deals with many of their corporate customers let me assure you it ain't convenient - we want the patches as soon as possible, and we'll deploy them as soon as we've tested them. Despite not knowing the personal motivations behind all the M$ executives who decided it's a monthly thing (and ignoring that I remember when it wasn't even monthly) I have a hard time believing they do because it's best for their corporate clients.

Re:Predictable cadence?

[luis_a_espinal]

Unfortunately in this world with change control, number of systems affected, testers that need to be lined up, business stakeholder notified of outage if any etc means that unless a security issue is out in the wild your are not going to deploy it. By having regular predictable releases you can organise regular pre-approved changes etc.

Hans

And how do you schedule predicable zero-day security patches, for instance?

Re:Predictable cadence?

[luis_a_espinal]

What stops you from patching your machine in your own time?

Budgets, schedules, coordination with other 24/7 services that depend on it, etc, etc. If it is a single isolated system, then yeah, it's trivial. When we are talking about production and test environments with dozens (or even more) systems, then it is not just a matter of working "own your own time." This gets worse when there are systems that heavily utilize SSL.

Any such upgrade requires some type of basic regression testing of said systems outside of the typical testing schedules associated to development. And that brings up pulling resources from somewhere else to do the testing.

It is almost never our own time alone.

Re:Predictable cadence?

[pscottdv]

The point is, why should patches be held back from everyone else just so your organization has time to plan and test. Your organization can wait until it is ready to apply the patch while some other, more nimble, organization can apply it sooner. There is absolutely no reason for the patch to be held back to give you time to get your duck in a row.

Re:Predictable cadence?

[LeadSongDog]

... My laptop is starting to cook my bollocks, compiling LibreOffice.

Sure, it's called a "laptop" in the user manual, but that doesn't constitute a How-to now, does it?

Re:Predictable cadence?

[thegarbz]

So telling you that the patch will come out on a Tuesday will alleviate your budget, schedule and co-ordination problems, but simply releasing the patch and letting you install it on a Tuesday doesn't?

Why should I wait for my patch because you have a co-ordination issue?

Re:Predictable cadence?

[Dutch+Gun]

Well, I can give you at least one reason:

Assuming we're talking about non-zero-day exploits (stuff that white hats reported in confidence), part of the issue is that actually releasing a patch tells black hats a lot about how to create an exploit, and this applies to both open source and non-open source, but with slightly different methodologies. It's fairly easy for black hats to reverse engineer a patch to determine exactly how you can now exploit unpatched systems. So, the clock starts ticking the moment the patch is released, essentially. Hence "Patch Tuesday", and "Exploit Wednesday".

If the patches are released as they're ready, then you're putting corporation IT departments into a near-continuous patch and test cycle. What happens if they're in the middle of some other project and a critical patch is issued? The monthly patch cycle gives them a bit of predictability so they can schedule products around this date.

Naturally, this doesn't apply to zero-day exploits/patches, especially those which are widely known about. The monthly cycle obviously works against zero day issues in terms of response time, but there's always the option of a temporary workaround, or even an out-of-band patch for extremely serious issues - and that isn't unprecedented.

Re:Predictable cadence?

[rdnetto]

Oh well, it's time to:
$sudo apt-get update && sudo apt-get upgrade
$sudo pacman -Syu
#emerge -uva --deep --newuse --keep-going @world
$sudo yum up

The third one above is my patch tuesday, wednesday and probably thursday 8) My laptop is starting to cook my bollocks, compiling LibreOffice.

I run Sabayon, you insensitive clod! :P

Re:I wish

[viperidaenz]

How about you pay them for the software and they may do something to benefit you more.

OpenSSL has been replaced...

[unixisc]

...by LibreSSL in FreeBSD, in addition to in OpenBSD. Wonder how long is it before Linux, Windows and MacOS (both OS-X and iOS) follow?

Re:OpenSSL has been replaced...

[yuhong]

OS X and iOS already picked SecureTransport years ago, which had it's own problems BTW (though with 10.11 it is finally getting better).

Re:OpenSSL has been replaced...

[Pow]

LibreSSL patches today:

Avoid an infinite loop that can occur when verifying a message with an unknown hash function OID.
Diff based on OpenSSL.
Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).
ok doug@ miod@

Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing length checks.
Diff based on changes in OpenSSL.
Fixes CVE-2015-1789.
ok doug@

Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@

Re:OpenSSL has been replaced...

FreeBSD has not replaced OpenSSL with LibreSSL; OpenSSL is still used in the base system, while LibreSSL (like newer versions of OpenSSL, or WolfSSL, or anything else) are available via ports:

stable/8: http://svnweb.freebsd.org/base/stable/8/crypto/openssl/?view=log
stable/9: http://svnweb.freebsd.org/base/stable/9/crypto/openssl/?view=log
stable/10: http://svnweb.freebsd.org/base/stable/10/crypto/openssl/?view=log
head (FreeBSD 11.x): http://svnweb.freebsd.org/base/head/crypto/openssl/?view=log

It sure looks like there's a lot of work to be done (API/ABI incompatibilities with ports) before LibreSSL could replace OpenSSL in the base system: https://wiki.freebsd.org/LibreSSL

Re:OpenSSL has been replaced...

[Bengie]

About 80% of the known OpenSSL bugs that have been fixed, were inadvertently fixed in LibreSSL during the refactoring. Many of OpenSSL's bugs are entirely do to horrible coding practices. Of the remaining 20%, a sizable portion were actually found by LibreSSL during the clean up.

Re:OpenSSL has been replaced...

[WaffleMonster]

About 80% of the known OpenSSL bugs that have been fixed, were inadvertently fixed in LibreSSL during the refactoring. Many of OpenSSL's bugs are entirely do to horrible coding practices. Of the remaining 20%, a sizable portion were actually found by LibreSSL during the clean up.

You should immediately contact OpenSSL and have them correct attributions in the change log to reflect this reality.

Re:OpenSSL has been replaced...

[serviscope_minor]

It sure looks like there's a lot of work to be done (API/ABI incompatibilities with ports) before LibreSSL could replace OpenSSL in the base system

I'm curious as to why: LibreSSL isn't a rewrite from scratch. I thought they were explicitly doing an audit and clean up, which means keepint the external interfaces the same. Or is it just a question of actually testing things to make sure nothing has broken for obscure reasons?

Re:OpenSSL has been replaced...

[unixisc]

I thought that they were starting w/ the former, and continuing w/ the latter

Re:OpenSSL has been replaced...

[jandrese]

IIRC they did remove some of the more obscure APIs, but honestly most of those were research projects that were never used in real life, so they shouldn't break anything. The OpenBSD guys compile their own ports tree against LibreSSL and have only had a small handful of applications break I think.

Re:And I wish...

Would you like to discuss all the vulnerabilities in Windows various versions, that has led to MILLIONS of different Malware???

No, I dont use Windows so those dont affect me. The problems with OpenSSL affect me. Also since this a story about the vulnerabilities in OpenSSL why would we change the topic to Windows?

I sleep very well at night using Linux, and NOT using Windows software as much as humanly possible.

Good for you but this is nothing to do with Linux or Windows, this is about OpenSSL (or do you think OpenSSL is a Linux thing?).

Re:And I wish...

[Ziest]

Your are invited to submit your patches to fix the problems you have found in OpenSSL

Re:And I wish...

Because if you aren't using OpenSSL, you must be using Windows. I must have imagined GnuTLS, MatrixSSL, MbedTLS, LibreSSL, NSS, Botan, Bouncy castle, wolfSSL, Boring SSL, cryptlib, etc.

Logjam / Diffie Hellman attacks

[complete+loony]

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Good. But it doesn't go far enough. How about some kind of deprecation warning if DH is using any well known prime number?

Re:Logjam / Diffie Hellman attacks

[luis_a_espinal]

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Good. But it doesn't go far enough. How about some kind of deprecation warning if DH is using any well known prime number?

What prime number that is known or effectively computable for DH is not well known? Maybe I'm missing something here.

Re:Logjam / Diffie Hellman attacks

[complete+loony]

In the logjam paper, they speculate that the NSA has the funds to run the first part of a number field sieve on a small number of 1024bit primes. So long as we keep using software implementations with these well known primes hard coded in their source code, HTTPS SSH & VPN connections may be vulnerable.

Not putting all of our eggs in one basket reduces this risk considerably. In response to this threat, we should periodically publish and use a new set of primes that are appropriate for DH exchanges. Though I would be happier if it were possible to generate a new prime on the first boot of a server.

Or we could swap to using a different method for producing session keys.

Re:And I wish...

[Ziest]

Thank you for your deep insight into this problem. Now that you have tossed OpenSSL what are you going to be replacing it with.

Re: And I wish...

Plus I use openSSL on Windows.

Re:And I wish...

[Antique+Geekmeister]

LibreSSL for drop-in compatibility? Or gnutls?

Re:And I wish...

[ToasterMonkey]

Would you like to discuss all the vulnerabilities in Windows various versions, that has led to MILLIONS of different Malware??? Why doesn't Mickey$oft fix most of these??? They simply refuse!!!

I will take Linux, Open Source and Free Software any day of the week, and will deal with any flaws that come up. They are usually corrected quite quickly, and in this case, I am sure they spent a lot of time testing to inure all is fixed.

I sleep very well at night using Linux, and NOT using Windows software as much as humanly possible.

Who, the hell, said anything about Windows OR Linux besides you? OpenSSL runs on everything.
Do you really think we shouldn't hold OpenSSL, or any open source software to a higher standard, "because Microsoft"?

. ... are your parents OK with you using the Internet all by yourself?

Re:And I wish...

[Bengie]

I bet you don't like some things the government does. You are invited to run for Senate or President. Because obviously if you don't, you should just shut up and gtfo.

Complaining about open source software is like voting, you're letting your voice be heard but letting the other run the show. Submitting patches is like being a politician, you're the only actually doing the work.

OpenBSD

[xdor]

So Did OpenBSD's much vaunted refactor of OpenSSL turn up this bug before the OpenSSL team found it?

Re:OpenBSD

[styrotech]

LibreSSL seems to have been immune to somewhere between half and two thirds of OpenSSL vulnerabilities recently. Not perfect, but a significant improvement.

Early on this was mostly due to the amount of outdated crap they deleted (less attack surface area), but as time goes on more and more will hopefully be due to improving the code that was left behind.

There's still a long way to go though.

Re:OpenBSD

[weilawei]

B..b..but... it's not perfect!!!

Yeah, fuck the whiners. It's a huge step forward, and the whiners don't have the technical chops to know what's going on or why they should shut up and care--or just shut up and accept that something useful is being done and will likely benefit them in the future.

Re:OpenBSD

[TCM]

From http://www.openbsd.org/errata5... (emphasis mine)

009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:

        CVE-2015-1788 - Malformed ECParameters causes infinite loop
        CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
        CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one is under review.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.

Re:And I wish...

[myowntrueself]

Thank you for your deep insight into this problem. Now that you have tossed OpenSSL what are you going to be replacing it with.

Nothing. We'll overload the fuckers. They are probably throwing away petabytes of encrypted data because, given its context, decrypting it to find out if it happens to be valuable is too much work. If we send everything in the plain they will have to devote billions of man hours of human intelligence to everyones blathering! The NSA etc would be overwhelmed! Genius!

Re:And I wish...

[sexconker]

Can one miss a point that isn't there?

Re:And I wish...

[daveime]

Anything but GNUTLS. I tried that piece of shit a few years ago, and encountered a database corruption bug that just killed your SSL at random intervals without warning and no messages in error_log. Only solution was to delete the database before restarting apache ... a restart by itself didn't fix the db.

Re: And I wish...

[TheManInTheMoon]

Yes, of course. Just like the man on the stairs. http://en.m.wikipedia.org/wiki...

Re:And I wish...

[Demonoid-Penguin]

Dear butt-weasel,

People can point out issues even if they are not capable of providing fixes for them.

They can. Indeed they can. Only the other day I saw a bloke in a dressing gown giving similar suggestions to emergency workers fixing power lines. No doubt they appreciated the insights he offered.Just because a particular field of endeavor requires practitioners years of study and experience shouldn't prohibit the intuitively enhanced from giving directions. I bet the computer repair shop appreciate your directions on how to fix problems - that you don't know how to fix.

Not everyone is a coder, you elitist asshat.

Forgive me for not recognising the insurmountable barriers that have prevented you from ever learning to program. I now appreciate that not everyone is an uninformed arse-clown, we all have our crosses to bear. Carry on.

Re:And I wish...

[Demonoid-Penguin]

I bet you don't like some things the government does. You are invited to run for Senate or President. Because obviously if you don't, you should just shut up and gtfo.

Comprehension eludes you. There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician - and the actual desire to be one. The ability to code, and active participation in OpenSSL seems similar - but what would I know. You certainly have my vote.

Complaining about open source software is like voting, you're letting your voice be heard but letting the other run the show.

A novel analogy. In what country to do you vote on random web forums? Which Open Source projects use any old web forum for bug tracking?

Submitting patches is like being a politician, you're the only actually doing the work.

If you'd only mentioned earlier that you were a politician it would have saved us all the trouble of taking anything you say seriously. Not that I think for a minute that you have tickets on yourself. Thanks for your invaluable opinions, unlike voting I actually welcome input from the uninformed - especially those that don't use my code, it's what motivates me to devote so much time to Open Source (and you thought it was because I'm tax payer funded and required to by law - how, um, quaint)

mbed TLS

[Aethedor]

I can advice every software developer to take a look at mbed TLS (former PolarSSL). It has everything a modern SSL-enabled application needs. It's API is easier that OpenSSL's, it has very good documentation (example programs included) and last but not least: it's secure!

No, I'm not the mbed TLS developer or in any way connected or related to mbed TLS. I'm just a very happy developer who replaced OpenSSL with mbed TLS in my project many years ago and never had any reason to look back. Even the users of my project are very happy with it. Good riddance!!

Re:And I wish...

[drinkypoo]

Who, the hell, said anything about Windows OR Linux besides you? OpenSSL runs on everything.

Not just that, but Microsoft is about to incorporate OpenSSH into Windows.

Re: And I wish...

[jmac_the_man]

Which Open Source projects use any old web forum for bug tracking?

Discourse is open source fourm software that self-hosts its bug tracker. And by "self-hosts," I mean they literally use a Discourse fourm to track bugs and cudgel fourm features into bugtracking features. For example, each bug is supposed to be the OP of a topic, and they prioritize bugs by counting the number of users that "like" the post describing the bug.

It works about as well as you'd expect.

with regards to meaningless slogans

[luis_a_espinal]

There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician

What a load of meaningless crock. I'm sure it makes up for one hell of a slogan. Meaningless, but certainly attention-grabbing for the purpose of rhetorical posturing. Congratulations.

Re:with regards to meaningless slogans

[Demonoid-Penguin]

There's a difference between having the capacity for the moral depravity and incompetence needed to be a politician

I'm sure it makes up for one hell of a slogan.

Touchy much?

Re: And I wish...

[Demonoid-Penguin]

It works about as well as you'd expect.

Better than bitching on Slashdot? Noooooo