svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man
Mike Tancsa
mike at sentex.net
Tue Mar 8 12:46:02 UTC 2016
Hi,
I tried on 2 separate boxes, and sshd segfaults when this rev is applied
---Mike
On 3/7/2016 11:18 AM, Xin LI wrote:
> Author: delphij
> Date: Mon Mar 7 16:18:07 2016
> New Revision: 296462
> URL: https://svnweb.freebsd.org/changeset/base/296462
>
> Log:
> Fix multiple OpenSSL vulnerabilities as published in
> OpenSSL advisory on 2016/03/01:
>
> constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
> [CVE-2016-0702, upstream d6482a8. 5ea08bd, d6d422e,
> 8fc8f48 317be63 skipped intentionally as we are not
> using the code on FreeBSD. Backport done by jkim at .
>
> Fix memory issues in BIO_*printf functions.
> [CVE-2016-0799, upstream d889682, a801bf2].
>
> Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption.
> [CVE-2016-0797, upstream 8f65132].
>
> Disable SSLv2 in default negotiation and weak ciphers.
> [CVE-2016-0800 "DROWN", upstream 56f1acf5]. Note that
> support of SSLv2 is not removed in order to preserve
> ABI compatibility, and application may still explicitly
> ask for vulnerable protocol or ciphers.
>
> In collaboration with: jkim
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-stable
mailing list