<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Patch Package: OTP 20.1.7
<br>
Git Tag: OTP-20.1.7
<br>
Date: 2017-11-22
<br>
Trouble Report Id: OTP-14632, OTP-14653, OTP-14655, OTP-14748,
OTP-14766
<br>
Seq num:
<br>
System: OTP
<br>
Release: 20
<br>
Application: public_key-1.5.1, ssl-8.2.2
<br>
Predecessor: OTP 20.1.6
<br>
<br>
Check out the git tag OTP-20.1.7, and build a full OTP system
<br>
including documentation. Apply one or more applications from this
<br>
build as patches to your installation using the 'otp_patch_apply'
<br>
tool. For information on install requirements, see descriptions
for
<br>
each application version below.
<br>
<br>
---------------------------------------------------------------------
<br>
--- public_key-1.5.1
------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
<br>
The public_key-1.5.1 application can be applied independently of
<br>
other applications on a full OTP 20 installation.
<br>
<br>
--- Improvements and New Features ---
<br>
<br>
OTP-14653 Application(s): public_key
<br>
<br>
Hostname verification: Add handling of the general name
<br>
iPAddress in the certificate's subject alternative name
<br>
extension (subjAltName).
<br>
<br>
<br>
OTP-14766 Application(s): public_key
<br>
<br>
Correct key handling in pkix_test_data/1 and use a
<br>
generic example mail address instead of an existing
<br>
one.
<br>
<br>
<br>
Full runtime dependencies of public_key-1.5.1: asn1-3.0,
crypto-3.8,
<br>
erts-6.0, kernel-3.0, stdlib-2.0
<br>
<br>
<br>
---------------------------------------------------------------------
<br>
--- ssl-8.2.2
-------------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
<br>
Note! The ssl-8.2.2 application can <b>not</b>
be applied independently of
<br>
other applications on an arbitrary OTP 20 installation.
<br>
<br>
On a full OTP 20 installation, the following runtime
<br>
dependency also has to be satisfied:
<br>
-- public_key-1.5 (first satisfied in OTP 20.1)
<br>
<br>
<br>
--- Fixed Bugs and Malfunctions ---
<br>
<br>
OTP-14632 Application(s): ssl
<br>
<br>
TLS sessions must be registered with SNI if provided,
<br>
so that a connection for which client-side hostname verification
<br>
would fail cannot be established by reusing a session created
<br>
when the server name verification succeeded.
<br>
<br>
Thanks to Graham Christensen for reporting this.
<br>
<br>
<br>
OTP-14748 Application(s): ssl
<br>
<br>
An Erlang TLS server configured with cipher suites
<br>
using RSA key exchange may be vulnerable to an
<br>
Adaptive Chosen Ciphertext attack (AKA Bleichenbacher
<br>
attack) against RSA, which, when exploited, may result
<br>
in plaintext recovery of encrypted messages and/or a
<br>
Man-in-the-middle (MiTM) attack, despite the attacker
<br>
not having gained access to the server's private key
<br>
itself. CVE-2017-1000385
<br>
<br>
Exploiting this vulnerability to perform plaintext
<br>
recovery of encrypted messages will, in most
practical
<br>
cases, allow an attacker to read the plaintext only
<br>
after the session has completed. Only TLS sessions
<br>
established using RSA key exchange are vulnerable
to
<br>
this attack.
<br>
<br>
Exploiting this vulnerability to conduct a MiTM
attack
<br>
requires the attacker to complete the initial
attack,
<br>
which may require thousands of server requests,
during
<br>
the handshake phase of the targeted session within
the
<br>
window of the configured handshake timeout. This
attack
<br>
may be conducted against any TLS session using RSA
<br>
signatures, but only if cipher suites using RSA key
<br>
exchange are also enabled on the server. The
limited
<br>
window of opportunity, limitations in bandwidth,
and
<br>
latency make this attack significantly more
difficult
<br>
to execute.
<br>
<br>
RSA key exchange is enabled by default, although it is
<br>
least prioritized if the server order is honored. For such a
<br>
cipher suite to be chosen it must also be supported by
<br>
the client, and it would probably have to be the only shared
cipher suite.
<br>
<br>
Captured TLS sessions encrypted with ephemeral
cipher
<br>
suites (DHE or ECDHE) are not at risk for
subsequent
<br>
decryption due to this vulnerability.
<br>
<br>
As a workaround, if the default cipher suite configuration
<br>
was used, you can configure the server not to use the
<br>
vulnerable suites with the ciphers option, like this:
<br>
<br>
{ciphers, [Suite || Suite <-
ssl:cipher_suites(),
<br>
element(1,Suite) =/= rsa]}
<br>
<br>
That is, your code will look something like this:
<br>
<br>
ssl:listen(Port, [{ciphers, [Suite || Suite <-
<br>
ssl:cipher_suites(), element(1,Suite) =/= rsa]} |
<br>
Options]).
<br>
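The filter above, wrapped into a small helper module as an added example
(this is not code from the OTP release notes or from the ssl
application; the module name no_rsa_kex and its function names are
hypothetical). It uses only ssl:cipher_suites/0, which in OTP 20 returns
suites as 3- or 4-tuples whose first element is the key exchange atom,
so element(1, Suite) =:= rsa identifies static RSA key exchange. Suites
that the caller already configured are filtered rather than replaced,
and a sanity check fails loudly if any rsa suite would survive.
<br>

```erlang
%% Added example, not part of the OTP 20.1.7 release notes or of the ssl
%% application. Module and function names are hypothetical. Only the
%% OTP 20 "erlang" tuple format of cipher suites is handled; OpenSSL
%% name strings are not inspected by this helper.
-module(no_rsa_kex).
-export([has_rsa_kex/1, safe_ciphers/0, removed_suites/0, listen_opts/1]).

%% True when a suite uses static RSA key exchange. Works for both the
%% 3-tuple {Kex, Cipher, Mac} and the 4-tuple {Kex, Cipher, Mac, Prf}
%% forms, since element 1 is the key exchange algorithm in both.
has_rsa_kex(Suite) when is_tuple(Suite) ->
    element(1, Suite) =:= rsa.

%% Default suite list with every static-RSA suite removed. Ephemeral
%% suites (dhe_rsa, ecdhe_rsa, ...) still use the RSA certificate for
%% signatures only and are kept; they are not at risk from this issue.
safe_ciphers() ->
    [Suite || Suite <- ssl:cipher_suites(), not has_rsa_kex(Suite)].

%% The suites the filter drops from the defaults; handy for logging
%% what the mitigation changed on a given node.
removed_suites() ->
    [Suite || Suite <- ssl:cipher_suites(), has_rsa_kex(Suite)].

%% Build ssl:listen/2 options from the caller's options (certfile,
%% keyfile, ...). If the caller supplied {ciphers, List}, that list is
%% filtered; otherwise the filtered defaults are used. The match on
%% false makes the server fail to start rather than run with an rsa
%% suite still enabled.
listen_opts(Options) ->
    Base = case lists:keyfind(ciphers, 1, Options) of
               {ciphers, Configured} -> Configured;
               false -> ssl:cipher_suites()
           end,
    Safe = [Suite || Suite <- Base, not has_rsa_kex(Suite)],
    false = lists:any(fun has_rsa_kex/1, Safe),
    [{ciphers, Safe} | lists:keydelete(ciphers, 1, Options)].
```
<br>
Usage on the server side is then
ssl:listen(Port, no_rsa_kex:listen_opts([{certfile, "cert.pem"},
{keyfile, "key.pem"}])), and no_rsa_kex:removed_suites() shows which
suites were excluded. The check in listen_opts/1 is deliberately a
badmatch rather than a log line: a misconfigured cipher list should
stop the listener from starting, not leave the vulnerable suites
negotiable.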
<br>
Thanks to Hanno Böck, Juraj Somorovsky and Craig
Young
<br>
for reporting this vulnerability.
<br>
<br>
<br>
--- Improvements and New Features ---
<br>
<br>
OTP-14655 Application(s): ssl
<br>
<br>
If no SNI is available and the hostname is an
<br>
IP address, also check for an IP address match. This check
<br>
is not as good as a DNS hostname check, and certificates
<br>
using IP addresses are not recommended.
<br>
<br>
Thanks to Graham Christensen for reporting this.
<br>
<br>
<br>
Full runtime dependencies of ssl-8.2.2: crypto-3.3, erts-7.0,
<br>
inets-5.10.7, kernel-3.0, public_key-1.5, stdlib-3.2
<br>
<br>
<br>
---------------------------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
---------------------------------------------------------------------
<br>
</p>
</body>
</html>