OpenSSL fixes six security holes

The most serious flaw is a DTLS plaintext recovery attack that has already been publicly documented.

OpenSSL has released an alert to warn of at least six security vulnerabilities affecting users of the open source implementation of the SSL and TLS protocols.

The vulnerabilities have been fixed in OpenSSL versions 1.0.0f and 0.9.8s.

The most serious flaw is a DTLS plaintext recovery attack that is publicly known (.pdf):

Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing.

The latest OpenSSL updates also fixes a policy check failure that leads to a double-free bug and a separate issue where OpenSSL prior to 1.0.0f and 0.9.8s fails to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes.

"As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory," the open-source group said in an advisory.