FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365592
Date:      2014-08-21
Time:      19:46:21Z
Committer: zi

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

60eb344e-6eb1-11e1-8ad7-00e0815b8da8    OpenSSL -- CMS and S/MIME Bleichenbacher attack

The OpenSSL Team reports:

A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA).

Only users of CMS, PKCS #7, or S/MIME decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages.

SSL/TLS applications are *NOT* affected by this problem since the SSL/TLS code does not use the PKCS#7 or CMS decryption code.


Discovery 2012-03-12
Entry 2012-03-15
openssl lt 1.0.0_10

CVE-2012-0884
http://www.openssl.org/news/secadv_20120312.txt

dba5d1c9-9f29-11e1-b511-003067c2616f    OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports:

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.


Discovery 2012-05-10
Entry 2012-05-10
openssl lt 1.0.1_2

CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt

7184f92e-8bb8-11e1-8d7b-003067b2972c    OpenSSL -- integer conversions result in memory corruption

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.


Discovery 2012-04-19
Entry 2012-04-21
openssl lt 1.0.1_1

CVE-2012-2110
http://marc.info/?l=full-disclosure&m=133483221408243
http://www.openssl.org/news/secadv_20120419.txt