FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d455708a-e3d3-11e6-9940-b499baebfeafOpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Truncated packet could crash via OOB read (CVE-2017-3731)
  • Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
  • BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
  • Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Discovery 2017-01-26
Entry 2017-01-26
Modified 2017-05-26
openssl
lt 1.0.2k,1

openssl-devel
lt 1.1.0d

linux-c6-openssl
lt 1.0.1e_13

linux-c7-openssl-libs
lt 1.0.1e_3

FreeBSD
ge 11.0 lt 11.0_8

ge 10.3 lt 10.3_17

https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-7055
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732
SA-17:02.openssl
0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8FreeBSD -- OpenSSL Remote DoS vulnerability

Problem Description:

Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.

Impact:

A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.


Discovery 2016-11-02
Entry 2016-11-02
Modified 2017-02-22
FreeBSD
ge 10.3 lt 10.3_12

ge 10.2 lt 10.2_25

ge 10.1 lt 10.1_42

ge 9.3 lt 9.3_50

openssl
lt 1.0.2i,1

openssl-devel
lt 1.1.0a

linux-c6-openssl
lt 1.0.1e_13

linux-c7-openssl-libs
lt 1.0.1e_3

CVE-2016-8610
SA-16:35.openssl
http://seclists.org/oss-sec/2016/q4/224