Bugzilla – Bug 957812
VUL-0: CVE-2015-3195: openssl: X509_ATTRIBUTE memory leak
Last modified: 2022-02-16 21:21:20 UTC
https://www.openssl.org/news/secadv/20151203.txt X509_ATTRIBUTE memory leak (CVE-2015-3195) ========================================== Severity: Moderate When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 10, 2015". When done, reassign the bug to "security-team@suse.de". /update/121082/.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-17. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62367
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 10, 2015". When done, reassign the bug to "security-team@suse.de". /update/62367/.
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (957812) was mentioned in https://build.opensuse.org/request/show/347471 13.2+13.1 / openssl
Packages submitted. Reassigning to security team.
This is an autogenerated message for OBS integration: This bug (957812) was mentioned in https://build.opensuse.org/request/show/347504 Factory / openssl
Created attachment 658489 [details] cve-2015-3195.c gcc -g -O2 -o cve-2015-3195 cve-2015-3195.c -lcrypto valgrind --leak-check=full ./cve-2015-3195 before: ==2531== 41 (40 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 16 ==2531== at 0x4C2A00F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==2531== by 0x4EA2377: CRYPTO_malloc (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F8CD59: ASN1_OBJECT_new (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F8CF94: c2i_ASN1_OBJECT (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9E577: asn1_ex_c2i (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9EB69: ??? (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9F9F9: ASN1_item_ex_d2i (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9FD5A: ??? (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9FFB0: ??? (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9F693: ASN1_item_ex_d2i (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9FC4E: ??? (in /lib64/libcrypto.so.1.0.0) ==2531== by 0x4F9FFB0: ??? (in /lib64/libcrypto.so.1.0.0) after: no such leak
SUSE-SU-2015:2230-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 954256,957812,957813,957815 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): openssl-1.0.1i-36.1 SUSE Linux Enterprise Server 12-SP1 (src): openssl-1.0.1i-36.1 SUSE Linux Enterprise Desktop 12-SP1 (src): openssl-1.0.1i-36.1
SUSE-SU-2015:2237-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 937085,947104,954256,957812,957813,957815 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): openssl-1.0.1i-27.6.1 SUSE Linux Enterprise Server 12 (src): openssl-1.0.1i-27.6.1 SUSE Linux Enterprise Desktop 12 (src): openssl-1.0.1i-27.6.1
Hello Jan, bsc#957815 (CVE-2015-3194) and bsc#957812 (CVE-2015-3195) also affect LibreSSL: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.5-relnotes.txt > We have released LibreSSL 2.2.5, which will be arriving in the > LibreSSL directory of your local OpenBSD mirror soon. > > This release is based on the stable OpenBSD 5.8 branch. > > * Fixes from OpenSSL 1.0.1q > - CVE-2015-3194 - NULL pointer dereference in client side certificate > validation. > - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL For your convenience, here are the commits: https://github.com/libressl-portable/openbsd/commit/70e905b0d750d02740f6bd15d1616a819a51af92 Fix for OpenSSL CVE-2015-3195 https://github.com/libressl-portable/openbsd/commit/9900c16beb14eb3bfc8f4d8c6191e6e1a271c861 Fix for OpenSSL CVE-2015-3194 The affected distributions are: openSUSE:13.2:Update/libressl (2.2.1) openSUSE:Leap:42.1:Update/libressl (2.3.0) as well as security/libressl and Tumbleweed. This fix was not committed to the 2.3.x snapshot series. Please submit a maintenance update, thanks!
SUSE-SU-2015:2251-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 952099,957812 CVE References: CVE-2015-3195 Sources used: SUSE Linux Enterprise Server for SAP 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Server for SAP 11-SP3 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Server for SAP 11-SP2 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Desktop 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Desktop 11-SP3 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): compat-openssl097g-0.9.7g-146.22.36.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): compat-openssl097g-0.9.7g-146.22.36.1
LibreSSL issue split into boo#958768
SUSE-SU-2015:2253-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 937085,954256,957812,957813,957815 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 Sources used: SUSE Linux Enterprise Server 11-SECURITY (src): openssl1-1.0.1g-0.35.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssl1-1.0.1g-0.35.1
SUSE-SU-2015:2275-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 952099,957812 CVE References: CVE-2015-3195 Sources used: SUSE Studio Onsite 1.3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Server 11-SP4 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Server 11-SP3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Desktop 11-SP4 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Desktop 11-SP3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openssl-0.9.8j-0.80.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): openssl-0.9.8j-0.80.1
openSUSE-SU-2015:2288-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 957812,957813,957815 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 Sources used: openSUSE 13.2 (src): openssl-1.0.1k-2.27.1 openSUSE 13.1 (src): openssl-1.0.1k-11.75.1
openSUSE-SU-2015:2289-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 954256,957812,957813,957815 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-3196 Sources used: openSUSE Leap 42.1 (src): openssl-1.0.1i-9.1
SUSE-SU-2015:2342-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 952099,957812 CVE References: CVE-2015-3195 Sources used: SUSE Linux Enterprise Module for Legacy Software 12 (src): compat-openssl098-0.9.8j-87.1 SUSE Linux Enterprise Desktop 12-SP1 (src): compat-openssl098-0.9.8j-87.1 SUSE Linux Enterprise Desktop 12 (src): compat-openssl098-0.9.8j-87.1
openSUSE-SU-2015:2349-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 952099,957812 CVE References: CVE-2015-3195 Sources used: openSUSE Leap 42.1 (src): compat-openssl098-0.9.8j-6.1
Created attachment 663072 [details] openssl-CVE-2015-3195.patch openssl-CVE-2015-3195.patch used in sle12 update
released
openSUSE-SU-2016:0637-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 957812,957815,963415,968046,968047,968048,968050,968265,968374 CVE References: CVE-2015-1794,CVE-2015-3194,CVE-2015-3195,CVE-2015-3197,CVE-2016-0701,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800 Sources used: openSUSE Evergreen 11.4 (src): openssl-1.0.1p-71.1
SUSE-SU-2016:0678-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 937492,957812,963415,968046,968048,968051,968053,968374 CVE References: CVE-2015-0287,CVE-2015-3195,CVE-2015-3197,CVE-2016-0703,CVE-2016-0704,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): openssl-0.9.8a-18.94.2
openSUSE-SU-2016:1327-1: An update that solves four vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 950707,950708,957812,957815,977584,978492 CVE References: CVE-2015-3194,CVE-2015-3195,CVE-2015-5333,CVE-2015-5334 Sources used: openSUSE 13.2 (src): libressl-2.2.7-2.13.1
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available. Category: feature (moderate) Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668 CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712 JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135 Sources used: SUSE Manager Tools 12-BETA (src): venv-salt-minion-3002.2-3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.