OpenSSL updates, 1.0.1t and 1.0.2h

Rod Vagg

Rod Vagg

(Update 6-May-2016) New Node.js Releases

The following releases have been made available to include the security updates to OpenSSL discussed in the post below. Please upgrade your Node.js installation as soon as possible in order to be protected against the disclosed vulnerabilities.

  • Node v6.1.0 (Current): /blog/release/v6.1.0/
  • Node v5.11.1: /blog/release/v5.11.1/
  • Node v4.4.4 (LTS): /blog/release/v4.4.4/
  • Node v0.12.14 (Maintenance): /blog/release/v0.12.14/
  • Node v0.10.45 (Maintenance): /blog/release/v0.10.45/

Original post is included below, along with an update containing a risk assessment

The OpenSSL project has announced that they will be releasing versions 1.0.1t and 1.0.2h this week, on Tuesday the 3rd of May, UTC. The releases will fix "several security defects" that are labelled as "high" severity under their security policy, meaning they are:

... issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable.

Node.js v0.10 and v0.12 both use OpenSSL v1.0.1 and Node.js v4, v5 and v6 use OpenSSL v1.0.2 and releases from nodejs.org and some other popular distribution sources are statically compiled. Therefore, all active release lines are impacted by this update.

At this stage, due to embargo, it is uncertain the exact nature of these defects, nor what impact they will have on Node.js users, if any. We will proceed as follows:

Within approximately 24 hours of the OpenSSL releases, our crypto team will make an impact assessment for Node.js users of the OpenSSL releases. This information may vary depending for the different active release lines and will be posted here.

As part of that impact assessment we will announce our release plans for each of the active release lines to take into account any impact. Please be prepared for the possibility of important updates to Node.js v0.10, v0.12, v4, v5 and v6 soon after Tuesday, the 3rd of May. It is likely that if upgrades are required that they will be ready on or after Thursday, the 5th of May.

Note that Node.js v5 will be supported until June and will therefore be included in this set of releases.

Please monitor the nodejs-sec Google Group for updates, including an impact assessment and updated details on release timing within approximately 24 hours after the OpenSSL release: https://groups.google.com/forum/#!forum/nodejs-sec

Contact and future updates

The current Node.js security policy can be found at https://github.com/nodejs/node/security/policy#security.

Please contact security@nodejs.org if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

(Update 4-May-2016) OpenSSL Impact Assessment

Our crypto team (Ben Noordhuis, Shigeki Ohtsu and Fedor Indutny) have performed an analysis of the defects addressed in this week's OpenSSL releases, 1.0.2h and 1.0.1t. The results of this analysis are included below.

We will be producing new versions this week for all of our active release lines containing the new versions of OpenSSL in order to provide security assurance. We will provide an update here once all releases are available. We anticipate that they will be available on, or soon after, Thursday the 5th of May, UTC.

CVE-2016-2107: Padding oracle in AES-NI CBC MAC check

A man-in-the-middle (MITM) attacker may be able to execute a padding oracle attack to decrypt traffic when a connection uses an AES-CBC cipher and the server runs on an Intel CPU supporting AES-NI. This is a common configuration for TLS servers.

The OpenSSL project has labelled this vulnerability high severity.

Assessment: All versions of Node.js are affected by this vulnerability.

CVE-2016-2105: EVP_EncodeUpdate overflow

An overflow can occur in the OpenSSL EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. An attacker must be able to supply large amounts of input data in order to cause an overflow.

Node.js uses the EVP_EncodeUpdate() internally during calls to crypto.Certificate#exportPublicKey() for SPKAC Certificate Signing Requests. User-supplied data must be passed to this method for applications to be vulnerable. This method has been available since Node.js v0.12.

The OpenSSL project has labelled this vulnerability low severity.

  • Node.js v0.10 is unaffected
  • Node.js v0.12, v4, v5 and v6 are affected

CVE-2016-2108: Memory corruption in the ASN.1 encoder

Assessment: All versions of Node.js are believed to be unaffected by this vulnerability.

CVE-2016-2106: EVP_EncryptUpdate overflow

Assessment: All versions of Node.js are believed to be unaffected by this vulnerability

CVE-2016-2109: ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Assessment: All versions of Node.js are believed to be unaffected by this vulnerability

CVE-2016-2176: EBCDIC overread

Assessment: All versions of Node.js are believed to be unaffected by this vulnerability