From owner-svn-ports-head@FreeBSD.ORG Wed Aug 6 23:12:59 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2052F52F for ; Wed, 6 Aug 2014 23:12:59 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 03C2B2823 for ; Wed, 6 Aug 2014 23:12:59 +0000 (UTC) Received: from delphij (uid 1035) (envelope-from delphij@FreeBSD.org) id 59a3 by svn.freebsd.org (DragonFly Mail Agent v0.9+); Wed, 06 Aug 2014 23:12:58 +0000 From: Xin LI Date: Wed, 6 Aug 2014 23:12:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r364230 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-Id: <53e2b67a.59a3.154ca685@svn.freebsd.org> X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2014 23:12:59 -0000 Author: delphij Date: Wed Aug 6 23:12:58 2014 New Revision: 364230 URL: http://svnweb.freebsd.org/changeset/ports/364230 QAT: https://qat.redports.org/buildarchive/r364230/ Log: Document OpenSSL multiple vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Aug 6 23:02:16 2014 (r364229) +++ head/security/vuxml/vuln.xml Wed Aug 6 23:12:58 2014 (r364230) @@ -57,6 +57,82 @@ Notes: --> + + OpenSSL -- multiple vulnerabilities + + + openssl + 1.0.11.0.1_14 + + + mingw32-openssl + 1.0.11.0.1i + + + + +

The OpenSSL Project reports:

+
+

A flaw in OBJ_obj2txt may cause pretty printing functions + such as X509_name_oneline, X509_name_print_ex et al. to leak + some information from the stack. [CVE-2014-3508]

+

The issue affects OpenSSL clients and allows a malicious + server to crash the client with a null pointer dereference + (read) by specifying an SRP ciphersuite even though it was + not properly negotiated with the client. [CVE-2014-5139]

+

If a multithreaded client connects to a malicious server + using a resumed session and the server sends an ec point + format extension it could write up to 255 bytes to freed + memory. [CVE-2014-3509]

+

An attacker can force an error condition which causes + openssl to crash whilst processing DTLS packets due to + memory being freed twice. This can be exploited through + a Denial of Service attack. [CVE-2014-3505]

+

An attacker can force openssl to consume large amounts + of memory whilst processing DTLS handshake messages. + This can be exploited through a Denial of Service + attack. [CVE-2014-3506]

+

By sending carefully crafted DTLS packets an attacker + could cause openssl to leak memory. This can be exploited + through a Denial of Service attack. [CVE-2014-3507]

+

OpenSSL DTLS clients enabling anonymous (EC)DH + ciphersuites are subject to a denial of service attack. + A malicious server can crash the client with a null pointer + dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake + messages. [CVE-2014-3510]

+

A flaw in the OpenSSL SSL/TLS server code causes the + server to negotiate TLS 1.0 instead of higher protocol + versions when the ClientHello message is badly + fragmented. This allows a man-in-the-middle attacker + to force a downgrade to TLS 1.0 even if both the server + and the client support a higher protocol version, by + modifying the client's TLS records. [CVE-2014-3511]

+

A malicious client or server can send invalid SRP + parameters and overrun an internal buffer. Only + applications which are explicitly set up for SRP + use are affected. [CVE-2014-3512]

+
+ +
+ + https://www.openssl.org/news/secadv_20140806.txt + CVE-2014-3505 + CVE-2014-3506 + CVE-2014-3507 + CVE-2014-3508 + CVE-2014-3509 + CVE-2014-3510 + CVE-2014-3511 + CVE-2014-3512 + CVE-2014-5139 + + + 2014-08-06 + 2014-08-06 + +
+ krfb -- Possible Denial of Service or code execution via integer overflow