[Pkg-openssl-devel] Bug#838652: Segmentation fault in openssl

Mario Lipinski mario.lipinski at iserv.eu
Fri Sep 23 10:38:24 UTC 2016


Package: openssl
Version: 1.0.1t-1+deb8u4
Severity: important

Dear OpenSSL maintainers,

the most recent Debian security update for openssl introduces a 
segmentation fault while running openssl:

# openssl x509 -noout -dates -subject -issuer -text -in /etc/ssl/certs/iserv.crt
notBefore=Oct  9 02:17:03 2015 GMT
notAfter=Oct  9 02:17:10 2017 GMT
subject= /C=DE/ST=Niedersachsen/L=Braunschweig/O=IServ GmbH/CN=dev2.iserv.eu/emailAddress=hostmaster at iserv.eu
issuer= /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             08:28:21:16:be:a3:fe
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 2 Primary Intermediate Server CA
         Validity
             Not Before: Oct  9 02:17:03 2015 GMT
             Not After : Oct  9 02:17:10 2017 GMT
         Subject: C=DE, ST=Niedersachsen, L=Braunschweig, O=IServ GmbH, CN=dev2.iserv.eu/emailAddress=hostmaster at iserv.eu
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (4096 bit)
                 Modulus:
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints:
                 CA:FALSE
             X509v3 Key Usage:
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage:
                 TLS Web Client Authentication, TLS Web Server Authentication
             X509v3 Subject Key Identifier:
                 35:BD:44:3E:E6:27:C5:8D:EE:A5:7C:61:80:FF:8B:4A:87:2D:99:4E
             X509v3 Authority Key Identifier:
                 keyid:11:DB:23:45:FD:54:CC:6A:71:6F:84:8A:03:D7:BE:F7:01:2F:26:86

             X509v3 Subject Alternative Name:
                 DNS:dev2.iserv.eu, DNS:iserv.eu, DNS:iserv.dev2.iserv.eu
             X509v3 Certificate Policies:
                 Policy: 2.23.140.1.2.2
                 Policy: 1.3.6.1.4.1.23223.1.2.3
                   CPS: http://www.startssl.com/policy.pdf
                   User Notice:
                     Organization: StartCom Certification Authority
Speicherzugriffsfehler (Speicherabzug geschrieben)


For us, this affects certificates issued after around the beginning of 
October with StartSSL.

I can reproduce this issue on other machines running a different 
architecture.

Let me know if you need any more information to reproduce the problem.

One affected certificate is


-- 
Kind regards,
Mario Lipinski

IServ GmbH
Bültenweg 73
38106 Braunschweig

Phone:     0531-2243666-0
Fax:       0531-2243666-9
Email:     info at iserv.eu
Internet:  iserv.eu

VAT ID: DE265149425 | Amtsgericht Braunschweig | HRB 201822
Managing directors: Benjamin Heindl, Jörg Ludwig
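
One way to find which installed certificates trigger the crash reported above, as an added example that is not part of the original message: it runs the reporter's `openssl x509` command on each file and flags runs that were killed by a signal (exit status 128 + signal number, so 139 for SIGSEGV). The function names and the `*.crt` / `*.pem` glob are assumptions.

```shell
#!/bin/sh
# Added example (not from the original report): find certificates whose
# text dump kills the parser with a signal, as in the session above.

# Map an exit status to ok / error / crash:<signal number>.
# Shells report a child killed by signal N as status 128 + N (SIGSEGV: 139).
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo "crash:$(($1 - 128))"
    else
        echo error
    fi
}

# check_cert FILE [CMD ...]: run CMD with FILE appended and classify the result.
check_cert() {
    cert=$1
    shift
    # Default CMD is the invocation quoted in the report.
    [ "$#" -gt 0 ] || set -- openssl x509 -noout -dates -subject -issuer -text -in
    status=0
    "$@" "$cert" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# scan_dir DIR [CMD ...]: print "crash:<sig><TAB><file>" for each crashing file.
# The *.crt / *.pem glob is an assumption about how certificates are named.
scan_dir() {
    dir=$1
    shift
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$f" ] || continue
        result=$(check_cert "$f" "$@")
        case $result in
            crash:*) printf '%s\t%s\n' "$result" "$f" ;;
        esac
    done
}

# Usage: scan_dir /etc/ssl/certs
```

Running the scan before and after a library update shows whether a certificate that used to parse now crashes the tool.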


