{"id":"MGASA-2020-0467","summary":"Updated openssl packages fix security vulnerability","details":"The X.509 GeneralName type is a generic type for representing different types\nof names. One of those name types is known as EDIPartyName.\nOpenSSL provides a function GENERAL_NAME_cmp which compares different\ninstances of a GENERAL_NAME to see if they are equal or not. This function\nbehaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME.\nA NULL pointer dereference and a crash may occur leading to a possible\ndenial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function\nfor two purposes:\n1) Comparing CRL distribution point names between an available CRL and a\nCRL distribution point embedded in an X509 certificate\n2) When verifying that a timestamp response token signer matches the\ntimestamp authority name (exposed via the API functions TS_RESP_verify_response\nand TS_RESP_verify_token)\nIf an attacker can control both items being compared then that attacker\ncould trigger a crash. For example if the attacker can trick a client or\nserver into checking a malicious certificate against a malicious CRL then\nthis may occur.\nNote that some applications automatically download CRLs based on a URL\nembedded in a certificate. This checking happens prior to the signatures on\nthe certificate and CRL being verified. OpenSSL's s_server, s_client and\nverify tools have support for the \"-crl_download\" option which implements\nautomatic CRL downloading and this attack has been demonstrated to work\nagainst those tools. Note that an unrelated bug means that affected versions\nof OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME.\nHowever it is possible to construct a malformed EDIPARTYNAME that OpenSSL's\nparser will accept and hence trigger this attack.\n(CVE-2020-1971)\n","modified":"2026-04-16T00:09:21.441146214Z","published":"2020-12-21T21:47:06Z","upstream":["CVE-2020-1971"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0467.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27791"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20201208.txt"},{"type":"WEB","url":"https://www.debian.org/security/2020/dsa-4807"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4662-1"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0l-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0467.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}