
List:       openbsd-announce
Subject:    libcrypto errata
From:       "Ted Unangst" <tedu () tedunangst ! com>
Date:       2016-05-03 14:32:17
Message-ID: e753777efc5a776717e59045 () tedunangst ! com

OpenSSL announced several issues today that also affect LibreSSL.

- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Thanks to OpenSSL for providing information and patches.

Refer to https://www.openssl.org/news/secadv/20160503.txt

Patches for OpenBSD are available:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig
