CyberLeo.Net >> Repos - FreeBSD/releng/9.1.git/commit

Fix multiple OpenSSL vulnerabilities:

The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.1@271305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
committer	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
commit	4336be14876615f58f95af255006b37db516584f
tree	5ae52ce02e2747459443efc14f079ee6bb60ece9	tree \| snapshot
parent	a51f80e7b71b033501d44987b37f7c53893d30e2	commit \| diff

UPDATING		diff \| blob \| history
crypto/openssl/crypto/asn1/a_object.c		diff \| blob \| history
crypto/openssl/crypto/objects/obj_dat.c		diff \| blob \| history
crypto/openssl/ssl/d1_both.c		diff \| blob \| history
crypto/openssl/ssl/d1_clnt.c		diff \| blob \| history
crypto/openssl/ssl/s23_srvr.c		diff \| blob \| history
crypto/openssl/ssl/s3_clnt.c		diff \| blob \| history
sys/conf/newvers.sh		diff \| blob \| history