FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8aff07eb-1dbd-11e4-b6ba-3c970e169bc2OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. [CVE-2014-3505]

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. [CVE-2014-3506]

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. [CVE-2014-3507]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. [CVE-2014-3510]

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. [CVE-2014-3511]

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. [CVE-2014-3512]


Discovery 2014-08-06
Entry 2014-08-06
openssl
ge 1.0.1 lt 1.0.1_14

mingw32-openssl
ge 1.0.1 lt 1.0.1i

https://www.openssl.org/news/secadv_20140806.txt
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3509
CVE-2014-3510
CVE-2014-3511
CVE-2014-3512
CVE-2014-5139
5631ae98-be9e-11e3-b5e3-c80aa9043978OpenSSL -- Remote Information Disclosure

OpenSSL Reports:

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

The bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.

The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload.


Discovery 2014-04-07
Entry 2014-04-07
Modified 2014-04-11
openssl
ge 1.0.1 lt 1.0.1_10

mingw32-openssl
ge 1.0.1 lt 1.0.1g

CVE-2014-0160
FreeBSD-SA-14:06.openssl
https://www.openssl.org/news/secadv_20140407.txt
https://www.openssl.org/news/vulnerabilities.html#2014-0076
http://www.heartbleed.com
5ac53801-ec2e-11e3-9cf3-3c970e169bc2OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. [CVE-2014-0224]

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. [CVE-2014-0221]

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. [CVE-2014-0195]

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470]


Discovery 2014-06-05
Entry 2014-06-05
openssl
ge 1.0.1 lt 1.0.1_13

mingw32-openssl
ge 1.0.1 lt 1.0.1h

CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc
http://www.openssl.org/news/secadv_20140605.txt
0b8d7194-ca88-11e3-9d8d-c80aa9043978OpenSSL -- Remote Data Injection / DoS

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections.


Discovery 2010-02-09
Entry 2014-04-23
openssl
ge 1.0.1 lt 1.0.1_11

mingw32-openssl
ge 1.0.1 le 1.0.1g

https://rt.openssl.org/Ticket/Display.html?id=2167
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
CVE-2010-5298
1959e847-d4f0-11e3-84b0-0018fe623f2bOpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos reports:

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service.


Discovery 2014-05-02
Entry 2014-05-03
openssl
ge 1.0.1 lt 1.0.1_12

http://www.openwall.com/lists/oss-security/2014/05/02/5
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
CVE-2014-0198
7ccd4def-c1be-11e3-9d09-000c2980a9f3OpenSSL -- Local Information Disclosure

OpenSSL reports:

A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

A local attacker might be able to snoop a signing process and might recover the signing key from it.


Discovery 2014-04-07
Entry 2014-04-11
openssl
ge 1.0.1 lt 1.0.1_10

mingw32-openssl
ge 1.0.1 lt 1.0.1g

CVE-2014-0076
FreeBSD-SA-14:06.openssl
https://www.openssl.org/news/vulnerabilities.html#2014-0076