Skip to content

Commit

Permalink
Blog: update to OpenSSL 1.0.2m announcement
Browse files Browse the repository at this point in the history
  • Loading branch information
rvagg committed Nov 2, 2017
1 parent 4eebe79 commit 0f1cd94
Showing 1 changed file with 45 additions and 0 deletions.
45 changes: 45 additions & 0 deletions locale/en/blog/vulnerability/openssl-november-2017.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,51 @@ layout: blog-post.hbs
author: Rod Vagg
---

## _(Update 2-Nov-2017)_ Node.js Impact Assessment & Release Plan

The following impact assessment for Node.js of the flaws fixed in OpenSSL 1.0.2m has been provided by Shigeki Ohtsu from our crypto team. Original details about the announcement from the OpenSSL team can be found [below](#original_post).

### [CVE-2017-3735](https://www.openssl.org/news/vulnerabilities.html#2017-3735): OOB read parsing IPAdressFamily in an X.509 certificate

CVE-2017-3735 fixes buffer over-read in parsing X.509 certificates using extensions defined in RFC3779.

Node.js disables RFC3779 support by defining `OPENSSL_NO_RFC3779` during compile. It is therefore **unlikely that Node.js is impacted in any way by this vulnerability**.

### [CVE-2017-3736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736): OOB read parsing IPAdressFamily in an X.509 certificate

CVE-2017-3736 fixes a carry propagating bug in the x86_64 [_Montgomery squaring_](https://en.wikipedia.org/wiki/Exponentiation_by_squaring#Montgomery.27s_ladder_technique) procedure.

> Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against Diffie-Hellman are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent Diffie-Hellman parameters and a private key that is shared between multiple clients.
> This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
CVE-2017-3736 impacts Node.js users but the likelihood of successful attack using the flaw is **very low and we therefore deem it to be non-critical**.

### Additional fixes

OpenSSL 1.0.2m also includes two additional fixes that do not have a CVE assigned to them.

1. A [side channel attack of ECDSA](https://github.com/openssl/openssl/commit/23f7e974d59a576ad7d8cfd9f7ac957a883e361f) which appears too difficult to execute and can only obtain limited information about a private key.
2. A fix for [TLS servers with SNI enabled](https://github.com/openssl/openssl/commit/a92ca561bc91f4ebd2f53578e82058efcde61aed). Node.js does not use `SSL_set_SSL_CTX` in this context so is not impacted.

### Release plan

Due to the low impact and low severity of these fixes, we have decided ***not*** to push urgent releases of Node.js this week. Releases of all active release lines are scheduled for next Tuesday, the 7th of November and these releases will all include OpenSSL 1.0.2m along with other regular Node.js patches and additions.

Our active release lines are:

* Node.js 4 LTS "Argon" (Maintenance LTS)
* Node.js 6 LTS "Boron" (Active LTS)
* Node.js 8 LTS "Carbon" (Active LTS)
* Node.js 9 (Current)

We will include an update here once all releases are made available.


<a name="original_post"></a>
***Original post is included below***

--------------------------------------

The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000103.html) _(also see their [correction](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html))_ that that they will be releasing versions 1.1.0g and 1.0.2m this week, on **Thursday the 2nd of November 2017, UTC**. The releases will fix one _"low severity security issue"_ and one _"moderate level security issue"_. "Moderate" level security issues for OpenSSL:

> ... includes issues like crashes in client applications, flaws in protocols that are less commonly used (such as DTLS), and local flaws.
Expand Down

0 comments on commit 0f1cd94

Please sign in to comment.