Six security flaws fixed in OpenSSL
The OpenSSL developers have released two updates, 1.0.0f and 0.9.8s, which close six security holes. Four of the flaws affect both the 1.0.0 and 0.9.8 versions. Among them, the critical vulnerability in the CBC ("Cipher block chaining") encryption mode which enabled plaintext recovery of OpenSSL's implementation of DTLS (Datagram TLS), has been addressed.
Last year, researchers discovered that the implementation of CBC – a process which XORs a block of plaintext with the ciphertext of the previous block making each encrypted block dependent on all the previous blocks – was vulnerable in part because the initialisation of the CBC process was not randomised. The Padding Oracle Attacks research has been expanded on by researchers who describe how they exploit timing differences in the processing of DTLS packets in OpenSSL in their paper Plaintext-Recovery Attacks Against Datagram TLS.
Another problem was the use of uninitialised memory when padding out SSL 3.0 blocks. This meant that potentially sensitive memory content was being sent, encrypted, to the receiving system if the buffers had not been deleted. This issue does not affect TLS. Another memory issue, a double free, and three denial of service vulnerabilities were also addressed in the updates.
Source code for the updated OpenSSL libraries is available to download though most users should expect their operating system vendor or distribution to release an update soon.