FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
5d280761-6bcf-11e5-9909-002590263bf5 | mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports:

Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack for PKCS#1 v1.5 signatures. These releases include countermeasures against that attack.

Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This dereference can only occur when misusing the API, although a fix has still been implemented.


Discovery 2015-09-18
Entry 2015-10-06
polarssl
>= 1.2.0, < 1.2.16

polarssl13
>= 1.3.0, < 1.3.13

mbedtls
< 2.1.1

https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released

953aaa57-6bce-11e5-9909-002590263bf5 | mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports:

In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits.

In addition, the default size for the Diffie-Hellman parameters on the server is increased to 2048 bits. This can be changed with ssl_set_dh_params() in case this is necessary.


Discovery 2015-08-11
Entry 2015-10-06
polarssl
>= 1.2.0, < 1.2.15

polarssl13
>= 1.3.0, < 1.3.12

https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released

07a1a76c-734b-11e5-ae81-14dae9d210b8 | mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports:

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.


Discovery 2015-10-05
Entry 2015-10-15
polarssl
>= 1.2.0, < 1.2.17

polarssl13
>= 1.3.0, < 1.3.14

mbedtls
< 2.1.2

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-5291