Date: Mon, 12 Sep 2016 20:05:47 +0000 (UTC) From: Johan van Selst <johans@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r421955 - head/security/vuxml Message-ID: <201609122005.u8CK5lBQ083602@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: johans Date: Mon Sep 12 20:05:47 2016 New Revision: 421955 URL: https://svnweb.freebsd.org/changeset/ports/421955 Log: Document WolfSSL vulnerabilities (< 3.6.8) PR: 205936 Submitted by: Christoph Moench-Tegeder Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Sep 12 19:44:03 2016 (r421954) +++ head/security/vuxml/vuln.xml Mon Sep 12 20:05:47 2016 (r421955) @@ -58,6 +58,56 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="331eabb3-85b1-466a-a2af-66ac864d395a"> + <topic>wolfssl -- leakage of private key information</topic> + <affects> + <package> + <name></name> + <range><lt>3.6.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Florian Weimer of Redhat discovered that an optimization in + RSA signature validation can result in disclosure of the + server's private key under certain fault conditions.</p> + </body> + </description> + <references> + <url>https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html</url>; + <url>https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/</url>; + <cvename>CVE-2015-7744</cvename> + </references> + <dates> + <discovery>2015-09-17</discovery> + <entry>2016-01-05</entry> + </dates> + </vuln> + <vuln vid="3d1372e1-7822-4fd8-b56e-5ee832afbd96"> + <topic>wolfssl -- DDoS amplification in DTLS</topic> + <affects> + <package> + <name>wolfssl</name> + <range><lt>3.6.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Sebastian Ramacher identified an error in wolfSSL's implementation + of the server side of the DTLS handshake, which could be abused + for DDoS amplification or a DoS on the DTLS server itself.</p> + </body> + </description> + <references> + <url>https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html</url>; + <url>https://github.com/IAIK/wolfSSL-DoS</url>; + <cvename>CVE-2015-6925</cvename> + </references> + <dates> + <discovery>2015-09-18</discovery> + <entry>2016-01-05</entry> + </dates> + </vuln> <vuln vid="a0128291-7690-11e6-95a8-0011d823eebd"> <topic>gnutls -- OCSP validation issue</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201609122005.u8CK5lBQ083602>