From owner-freebsd-security-notifications@FreeBSD.ORG Wed May 30 12:47:41 2012 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 89D011065676; Wed, 30 May 2012 12:47:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 711418FC23; Wed, 30 May 2012 12:47:41 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q4UClf16007584; Wed, 30 May 2012 12:47:41 GMT (envelope-from security-advisories@freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q4UClfAF007582; Wed, 30 May 2012 12:47:41 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 30 May 2012 12:47:41 GMT Message-Id: <201205301247.q4UClfAF007582@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: bz set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-12:01.openssl X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2012 12:47:41 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:01.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2012-05-03 Credits: Adam Langley, George Kadianakis, Ben Laurie, Ivan Nestlerode, Tavis Ormandy Affects: All supported versions of FreeBSD. Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE) 2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8) 2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE) 2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2) 2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8) 2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10) 2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE) 2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2) CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision History v1.0 2012-05-02 Initial release. v1.1 2012-05-30 Updated patch to add SGC and BUF_MEM_grow_clean(3) bug fixes. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884] The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110] III. Impact Sensitive contents of the previously freed memory can be exposed when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue. [CVE-2011-4576] Denial of service can be caused in the OpenSSL server application supporting server gated cryptography by performing multiple handshake restarts. [CVE-2011-4619] The double-free, when an application performs X509 certificate policy checking, can lead to denial of service in that application. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can lead to a successful Bleichenbacher attack. Only users of PKCS #7 decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages. SSL/TLS applications are not affected. [CVE-2012-0884] The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead to a potentially exploitable attack via buffer overflow. The SSL/TLS code in OpenSSL is not affected by this issue, nor are applications using the memory based ASN.1 functions. There are no applications in FreeBSD base system affected by this issue, though some 3rd party consumers of these functions might be vulnerable when processing untrusted ASN.1 data. [CVE-2012-2110] The patch provided with the initial version of this advisory introduced bug to the Server Gated Cryptography (SGC) handshake code, that could cause SGC handshake to fail for a legitimate client. The updated patch also fixes the return error code in the BUF_MEM_grow_clean(3) function in the buffer size check code introduced by the CVE-2012-2110 fix. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1, and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch.asc NOTE: The patch distributed at the time of the original advisory fixed the security vulnerability, but introduced a bug to the SGC handshake code that can cause the SGC handshake to fail for a legitimate client. Systems to which the original patch was applied should be patched with the following corrective patch, which contains only the additional changes required to fix the newly-introduced SGC handshake bug. The updated patch also corrects an error code for an error check introduced in the original patch. # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in and reboot the system. NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.3 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.8 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2 RELENG_7_4 src/UPDATING 1.507.2.36.2.10 src/sys/conf/newvers.sh 1.72.2.18.2.13 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.2 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1 RELENG_8 src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2 src/crypto/openssl/crypto/mem.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1 src/crypto/openssl/ssl/ssl.h 1.2.2.2 src/crypto/openssl/ssl/ssl_err.c 1.2.2.2 src/crypto/openssl/ssl/s3_enc.c 1.2.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.6 src/crypto/openssl/ssl/ssl3.h 1.2.2.2 RELENG_8_3 src/UPDATING 1.632.2.26.2.4 src/sys/conf/newvers.sh 1.83.2.15.2.6 src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1 src/crypto/openssl/crypto/mem.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.10 src/sys/conf/newvers.sh 1.83.2.12.2.13 src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1 src/crypto/openssl/crypto/mem.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.13 src/sys/conf/newvers.sh 1.83.2.10.2.14 src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1 src/crypto/openssl/crypto/mem.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_enc.c 1.2.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1 RELENG_9 src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1 src/crypto/openssl/crypto/mem.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1 src/crypto/openssl/ssl/ssl.h 1.3.2.1 src/crypto/openssl/ssl/ssl_err.c 1.3.2.1 src/crypto/openssl/ssl/s3_enc.c 1.3.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.2.2 src/crypto/openssl/ssl/ssl3.h 1.3.2.1 RELENG_9_0 src/UPDATING 1.702.2.4.2.4 src/sys/conf/newvers.sh 1.95.2.4.2.6 src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.2 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1 src/crypto/openssl/crypto/mem.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1 src/crypto/openssl/ssl/ssl.h 1.3.4.1 src/crypto/openssl/ssl/ssl_err.c 1.3.4.1 src/crypto/openssl/ssl/s3_enc.c 1.3.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.4.2 src/crypto/openssl/ssl/ssl3.h 1.3.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r236304 releng/7.4/ r236304 stable/8/ r236304 releng/8.3/ r236304 releng/8.2/ r236304 releng/8.1/ r236304 stable/9/ r236304 releng/9.0/ r236304 - ------------------------------------------------------------------------- VII. References http://www.openssl.org/news/secadv_20120419.txt http://www.openssl.org/news/secadv_20120312.txt http://www.openssl.org/news/secadv_20120104.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 http://lists.openwall.net/full-disclosure/2012/04/19/4 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:01.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAk/GEsMACgkQFdaIBMps37IOkwCgj6lSWidx+sk/C/seNNBmQfN8 36sAn2OQg0TEYq9xPf8yd0hrPICuDyGK =T8ip -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Wed May 30 12:47:52 2012 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0ED6D1065676; Wed, 30 May 2012 12:47:52 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id EBB668FC18; Wed, 30 May 2012 12:47:51 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q4UClp15007638; Wed, 30 May 2012 12:47:51 GMT (envelope-from security-advisories@freebsd.org) Received: (from bz@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q4UClpMx007637; Wed, 30 May 2012 12:47:51 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 30 May 2012 12:47:51 GMT Message-Id: <201205301247.q4UClpMx007637@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: bz set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-12:02.crypt X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2012 12:47:52 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:02.crypt Security Advisory The FreeBSD Project Topic: Incorrect crypt() hashing Category: core Module: libcrypt Announced: 2012-05-30 Credits: Rubin Xu, Joseph Bonneau, Donting Yu Affects: All supported versions of FreeBSD. Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE) 2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8) 2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE) 2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2) 2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8) 2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10) 2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE) 2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2) CVE Name: CVE-2012-2143 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The crypt(3) function performs password hashing with additional code added to deter key search attempts. II. Problem Description There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. III. Impact When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. IV. Workaround No workaround is available, but systems not using crypt(), or which only use it to handle 7-bit ASCII are not vulnerable. Note that, because DES does not have the computational complexity to defeat brute force search on modern computers, it is not recommended for new applications. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1 and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch # fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch.asc # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libcrypt # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/secure/lib/libcrypt/crypt-des.c 1.16.24.1 RELENG_7_4 src/UPDATING 1.507.2.36.2.10 src/sys/conf/newvers.sh 1.72.2.18.2.13 src/secure/lib/libcrypt/crypt-des.c 1.16.40.2 RELENG_8 src/secure/lib/libcrypt/crypt-des.c 1.16.36.2 RELENG_8_3 src/UPDATING 1.632.2.26.2.4 src/sys/conf/newvers.sh 1.83.2.15.2.6 src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.8.2 RELENG_8_2 src/UPDATING 1.632.2.19.2.10 src/sys/conf/newvers.sh 1.83.2.12.2.13 src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.6.2 RELENG_8_1 src/UPDATING 1.632.2.14.2.13 src/sys/conf/newvers.sh 1.83.2.10.2.14 src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.4.2 RELENG_9 src/secure/lib/libcrypt/crypt-des.c 1.16.42.2 RELENG_9_0 src/UPDATING 1.702.2.4.2.4 src/sys/conf/newvers.sh 1.95.2.4.2.6 src/secure/lib/libcrypt/crypt-des.c 1.16.42.1.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r236304 releng/7.4/ r236304 stable/8/ r236304 releng/8.3/ r236304 releng/8.2/ r236304 releng/8.1/ r236304 stable/9/ r236304 releng/9.0/ r236304 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-12:02.crypt.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAk/GEsoACgkQFdaIBMps37JSYQCfZGZceQY4D53qgR9JbI79ZNht /GIAnjnhxlCnF27cWOhqxkkTWM6f45IM =7CVu -----END PGP SIGNATURE-----