OpenSSL has released new version 1.0.2r of OpenSSL to fix a vulnerability in versions 1.0.2–1.0.2q.
The software security update addresses a 0-byte record padding oracle vulnerability (CVE-2019-1559).
An excerpt of the OpenSSL bug as described in the advisory:
“If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.”
The advisory also noted that “non-stitched” ciphersuites must be in use for the bug to be exploitable. Also, the application must call SSL_shutdown() twice even if a protocol error has occurred.
The issue also does not impact OpenSSL 1.1.1 or 1.1.0.
Users of older versions are encouraged to upgrade to OpenSSL 1.1.1 if they are running 1.0.2 or 1.1.0, which support ends on December 31st and September 11th of this year, respectively.