FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517704
Date:      2019-11-15
Time:      22:46:16Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
01d729ca-1143-11e6-b55e-b499baebfeafOpenSSL -- multiple vulnerabilities

OpenSSL reports:

Memory corruption in the ASN.1 encoder

Padding oracle in AES-NI CBC MAC check

EVP_EncodeUpdate overflow

EVP_EncryptUpdate overflow

ASN.1 BIO excessive memory allocation

EBCDIC overread (OpenSSL only)


Discovery 2016-05-03
Entry 2016-05-03
Modified 2016-08-09
openssl
lt 1.0.2_11

linux-c6-openssl
lt 1.0.1e_8

libressl
ge 2.3.0 lt 2.3.4

lt 2.2.7

libressl-devel
lt 2.3.4

FreeBSD
ge 10.3 lt 10.3_2

ge 10.2 lt 10.2_16

ge 10.1 lt 10.1_33

ge 9.3 lt 9.3_41

https://www.openssl.org/news/secadv/20160503.txt
https://marc.info/?l=openbsd-tech&m=146228598730414
CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-2176
SA-16:17.openssl
0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8FreeBSD -- OpenSSL Remote DoS vulnerability

Problem Description:

Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.

Impact:

A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.


Discovery 2016-11-02
Entry 2016-11-02
Modified 2017-02-22
FreeBSD
ge 10.3 lt 10.3_12

ge 10.2 lt 10.2_25

ge 10.1 lt 10.1_42

ge 9.3 lt 9.3_50

openssl
lt 1.0.2i,1

openssl-devel
lt 1.1.0a

linux-c6-openssl
lt 1.0.1e_13

linux-c7-openssl-libs
lt 1.0.1e_3

CVE-2016-8610
SA-16:35.openssl
http://seclists.org/oss-sec/2016/q4/224
9e0c6f7a-d46d-11e9-a1c7-b499baebfeafOpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

ECDSA remote timing attack (CVE-2019-1547) [Low]

Fork Protection (CVE-2019-1549) [Low]

(OpenSSL 1.1.1 only)


Discovery 2019-09-10
Entry 2019-09-11
openssl
lt 1.0.2t,1

openssl111
lt 1.1.1d

https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1547
CVE-2019-1549
3679fd10-c5d1-11e5-b85f-0018fe623f2bopenssl -- multiple vulnerabilities

OpenSSL project reports:

  1. Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk. (CVE-2016-0701)
  2. A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197)

Discovery 2016-01-22
Entry 2016-01-28
Modified 2016-08-09
openssl
lt 1.0.2_7

mingw32-openssl
ge 1.0.1 lt 1.0.2f

FreeBSD
ge 10.2 lt 10.2_12

ge 10.1 lt 10.1_29

ge 9.3 lt 9.3_36

SA-16:11.openssl
CVE-2016-0701
CVE-2015-3197
https://www.openssl.org/news/secadv/20160128.txt
c82ecac5-6e3f-11e8-8777-b499baebfeafOpenSSL -- Client DoS due to large DH parameter

The OpenSSL project reports:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.


Discovery 2018-06-12
Entry 2018-06-12
Modified 2018-07-24
libressl
libressl-devel
lt 2.6.5

ge 2.7.0 lt 2.7.4

openssl
lt 1.0.2o_4,1

openssl-devel
lt 1.1.0h_2

https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0732
f40f07aa-c00f-11e7-ac58-b499baebfeafOpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline.

Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Severity: Low

This issue was previously announced in security advisory https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously been included in a release due to its low severity.


Discovery 2017-11-02
Entry 2017-11-02
openssl
lt 1.0.2m,1

openssl-devel
lt 1.1.0g

https://www.openssl.org/news/secadv/20171102.txt
CVE-2017-3735
CVE-2017-3736
6f0529e2-2e82-11e6-b2ec-b499baebfeafOpenSSL -- vulnerability in DSA signing

The OpenSSL team reports:

Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.


Discovery 2016-06-09
Entry 2016-06-09
Modified 2016-12-20
openssl
lt 1.0.2_13

libressl
lt 2.2.9

ge 2.3.0 lt 2.3.6

libressl-devel
lt 2.4.1

https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
CVE-2016-2178
b7cff5a9-31cc-11e8-8f07-b499baebfeafOpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

    Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
  • rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).

Discovery 2018-03-27
Entry 2018-03-27
openssl
lt 1.0.2o,1

openssl-devel
lt 1.1.0h

https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0739
CVE-2017-3738
43eaa656-80bc-11e6-bf52-b499baebfeafOpenSSL -- multiple vulnerabilities

OpenSSL reports:

High: OCSP Status Request extension unbounded memory growth

SSL_peek() hang on empty record

SWEET32 Mitigation

OOB write in MDC2_Update()

Malformed SHA512 ticket DoS

OOB write in BN_bn2dec()

OOB read in TS_OBJ_print_bio()

Pointer arithmetic undefined behaviour

Constant time flag not preserved in DSA signing

DTLS buffered message DoS

DTLS replay protection DoS

Certificate message OOB reads

Excessive allocation of memory in tls_get_message_header()

Excessive allocation of memory in dtls1_preprocess_fragment()

NB: LibreSSL is only affected by CVE-2016-6304


Discovery 2016-09-22
Entry 2016-09-22
Modified 2016-10-11
openssl-devel
ge 1.1.0 lt 1.1.0_1

openssl
lt 1.0.2i,1

linux-c6-openssl
lt 1.0.1e_11

FreeBSD
ge 10.3 lt 10.3_8

ge 10.2 lt 10.2_21

ge 10.1 lt 10.1_38

ge 9.3 lt 9.3_46

https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6304
CVE-2016-6305
CVE-2016-2183
CVE-2016-6303
CVE-2016-6302
CVE-2016-2182
CVE-2016-2180
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2181
CVE-2016-6306
CVE-2016-6307
CVE-2016-6308
SA-16:26.openssl
4c8d1d72-9b38-11e5-aece-d050996490d0openssl -- multiple vulnerabilities

OpenSSL project reports:

  1. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
  2. Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  3. X509_ATTRIBUTE memory leak (CVE-2015-3195)
  4. Race condition handling PSK identify hint (CVE-2015-3196)
  5. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Discovery 2015-12-03
Entry 2015-12-05
Modified 2016-08-09
openssl
lt 1.0.2_5

mingw32-openssl
ge 1.0.1 lt 1.0.2e

linux-c6-openssl
lt 1.0.1e_7

FreeBSD
ge 10.2 lt 10.2_8

ge 10.1 lt 10.1_25

ge 9.3 lt 9.3_31

SA-15:26.openssl
CVE-2015-1794
CVE-2015-3193
CVE-2015-3194
CVE-2015-3195
CVE-2015-3196
https://www.openssl.org/news/secadv/20151203.txt
91a337d8-83ed-11e6-bf52-b499baebfeafOpenSSL -- multiple vulnerabilities

OpenSSL reports:

Critical vulnerability in OpenSSL 1.1.0a

Fix Use After Free for large message sizes (CVE-2016-6309)

Moderate vulnerability in OpenSSL 1.0.2i

Missing CRL sanity check (CVE-2016-7052)


Discovery 2016-09-26
Entry 2016-09-26
Modified 2016-10-10
openssl
lt 1.0.2j,1

openssl-devel
lt 1.1.0b

libressl
lt 2.4.3

libressl-devel
lt 2.4.3

FreeBSD
ge 11.0 lt 11.0_1

https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-6309
CVE-2016-7052
SA-16:27.openssl
3bb451fc-db64-11e7-ac58-b499baebfeafOpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Read/write after SSL object in error state (CVE-2017-3737)

    OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.
  • rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

    There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.

Discovery 2017-12-07
Entry 2017-12-07
openssl
gt 1.0.2 lt 1.0.2n

https://www.openssl.org/news/secadv/20171207.txt
CVE-2017-3737
CVE-2017-3738
8f353420-4197-11e8-8777-b499baebfeafOpenSSL -- Cache timing vulnerability

The OpenSSL project reports:

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.


Discovery 2018-04-16
Entry 2018-04-16
openssl
lt 1.0.2o_2,1

openssl-devel
lt 1.1.0h_1

https://www.openssl.org/news/secadv/20180416.txt
CVE-2018-0737
7700061f-34f7-11e9-b95c-b499baebfeafOpenSSL -- Padding oracle vulnerability

The OpenSSL project reports:

0-byte record padding oracle (CVE-2019-1559) (Moderate)

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.


Discovery 2019-02-19
Entry 2019-02-20
Modified 2019-03-07
openssl
lt 1.0.2r,1

linux-c6-openssl
lt 1.0.1e_16

https://www.openssl.org/news/secadv/20190226.txt
CVE-2019-1559
d455708a-e3d3-11e6-9940-b499baebfeafOpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Truncated packet could crash via OOB read (CVE-2017-3731)
  • Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
  • BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
  • Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Discovery 2017-01-26
Entry 2017-01-26
Modified 2017-05-26
openssl
lt 1.0.2k,1

openssl-devel
lt 1.1.0d

linux-c6-openssl
lt 1.0.1e_13

linux-c7-openssl-libs
lt 1.0.1e_3

FreeBSD
ge 11.0 lt 11.0_8

ge 10.3 lt 10.3_17

https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-7055
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732
SA-17:02.openssl
6f170cf2-e6b7-11e8-a9a8-b499baebfeafOpenSSL -- timing vulnerability

The OpenSSL project reports:

Microarchitecture timing vulnerability in ECC scalar multiplication. Severity: Low

OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.


Discovery 2018-11-12
Entry 2018-11-12
openssl
lt 1.0.2p_2

https://www.openssl.org/news/secadv/20181112.txt
CVE-2018-5407
0ca24682-3f03-11e6-b3c8-14dae9d210b8openssl -- denial of service

Mitre reports:

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.


Discovery 2016-06-01
Entry 2016-06-30
openssl
lt 1.0.2_14

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
ihttps://bugzilla.redhat.com/show_bug.cgi?id=1341705
https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2177