CyberLeo.Net >> Repos - FreeBSD/releng/9.2.git/commit

Fix multiple OpenSSL vulnerabilities:

The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.2@271305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
committer	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
commit	4ecdcb15efa82df6056693419481a99e1e70af5a
tree	209e6e9955f6f0f87f413e2e827f0220d0fe4b1d	tree \| snapshot
parent	0274d14a68595d1332654ea50d94c7f474202ddb	commit \| diff

UPDATING		diff \| blob \| history
crypto/openssl/crypto/asn1/a_object.c		diff \| blob \| history
crypto/openssl/crypto/objects/obj_dat.c		diff \| blob \| history
crypto/openssl/ssl/d1_both.c		diff \| blob \| history
crypto/openssl/ssl/d1_clnt.c		diff \| blob \| history
crypto/openssl/ssl/s23_srvr.c		diff \| blob \| history
crypto/openssl/ssl/s3_clnt.c		diff \| blob \| history
sys/conf/newvers.sh		diff \| blob \| history