OpenSSL today released an emergency security update after a patch in its most recent update issued last week introduced a critical vulnerability in the cryptographic library.
The new flaw affects only OpenSSL 1.1.0a, which was made available last Thursday; users are urged to update to 1.1.0b immediately.
The original patch addressed an issue, CVE-2016-6307, where there was excessive memory allocation in tls_get_message_header. OpenSSL rated that flaw a low-severity bug and said it could cause servers to crash.
The patch, however, brought a new vulnerability to the code where if messages larger than 16k are received, the underlying buffer that stores the message would be reallocated and moved, OpenSSL said.
“Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location,” OpenSSL said in its advisory today. “This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.”
OpenSSL also included a patch for another new vulnerability affecting only OpenSSL 1.0.2i, which was also released last week.
The bug, CVE-2016-7052, is labeled a missing certificate revocation list (CRL) sanity check component. The sanity check, OpenSSL said, was added originally to 1.1.0, but omitted from 1.0.2i.
“As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception,” OpenSSL said. It added that users should upgrade to 1.0.2j to remedy this issue.
Last week’s update patched only one critical vulnerability, which was found and fixed in OpenSSL’s implementation of the Online Certificate Status Protocol (OCSP) that could cause servers to crash, and in some situations, allows attackers to execute arbitrary code.
OCSP is considered an alternative to CRLs and is used by a client to ping a server requesting the status of a digital certificate. A client sending an overly large OCSP Status Request extension could trigger the bug and crash the server, OpenSSL said.
OpenSSL also mitigated the SWEET32 vulnerability, CVE-2016-2183. Sweet32 was disclosed in August and affected 64-bit ciphers such as Triple-DES (3DES) and Blowfish and could allow an attacker to recover authentication cookie data from 3DES traffic, and usernames and passwords from OpenVPN traffic, which is secured by Blowfish. As expected, OpenSSL moved 64-bit ciphers from the high cipherstring group to medium in OpenSSL 1.0.1 and 1.0.2. OpenSSL 1.1.0 disables these ciphersuites by default.