Adam Langley

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.1 through 1.0.1s OpenSSL versions 1.0.2 through 1.0.2g MySQL Server versions 5.6.29 and earlier MySQL Server versions 5.7.11 and earlier **Description** A double free vulnerability in the dsa priv decode function in crypto/dsa/dsa ameth.c in OpenSSL allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Additionally, a side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. A vulnerability in the MySQL Server component of Oracle MySQL allows high privileged attackers with network access via multiple protocols to compromise MySQL Server, resulting in unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For OpenSSL versions 1.0.1 through 1.0.1s, update to version 1.0.1s or later to resolve the issue. For OpenSSL versions 1.0.2 through 1.0.2g, update to version 1.0.2g or later to resolve the issue. For MySQL Server versions 5.6.29 and earlier, update to version 5.6.30 or later to resolve the issue. For MySQL Server versions 5.7.11 and earlier, update to version 5.7.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the dsa priv decode function in OpenSSL until a patch is available. Avoid using the `dsa priv decode` function in OpenSSL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 0.9.8zh OpenSSL versions prior to 1.0.0t OpenSSL versions prior to 1.0.1q OpenSSL versions prior to 1.0.2e **Description** The issue is related to the implementation of ASN1 TFLG COMBINE in the OpenSSL library, specifically in the crypto/asn1/tasn dec.c file. It is associated with a lack of protection for service data. Exploitation of this issue may allow a remote attacker to obtain sensitive information from the process memory. This can occur by triggering a decoding failure in a PKCS#7 or CMS application using malformed X509 ATTRIBUTE data. **Recommendations** For versions prior to 0.9.8zh, update to version 0.9.8zh or later. For versions prior to 1.0.0t, update to version 1.0.0t or later. For versions prior to 1.0.1q, update to version 1.0.1q or later. For versions prior to 1.0.2e, update to version 1.0.2e or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.1n through 1.0.1o OpenSSL versions 1.0.2b through 1.0.2c MySQL Server version 5.6.25 and earlier **Description** The issue is related to the processing of X.509 Basic Constraints cA values during the identification of alternative certificate chains, which can allow remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. This can enable an attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. The vulnerability affects applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. **Recommendations** For OpenSSL versions 1.0.1n through 1.0.1o, update to a version that addresses this vulnerability. For OpenSSL versions 1.0.2b through 1.0.2c, update to a version that addresses this vulnerability. For MySQL Server version 5.6.25 and earlier, update to a version that addresses this vulnerability. As a temporary workaround, consider restricting access to untrusted certificates to minimize the risk of exploitation. Avoid using the vulnerable `X509 verify cert` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.3.0 OpenJDK versions prior to 1.3.0 PolarSSL versions prior to 1.3.0 **Description** The issue concerns the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, which do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding. This allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, also known as the "Lucky Thirteen" issue. **Recommendations** For OpenSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For OpenJDK versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable protocols until a patch is available.