CyberLeo.Net >> Repos - FreeBSD/releng/9.3.git/commit

Fix multiple OpenSSL vulnerabilities:

The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
Security: FreeBSD-SA-14:18.openssl
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/9.3@271305 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
committer	delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 9 Sep 2014 10:13:46 +0000 (10:13 +0000)
commit	4acafe9b6fad6d8cc05fb1fdc7b96992a11dd2df
tree	180a84e7d66b763b3bc78aa90abbf7254ac886ae	tree \| snapshot
parent	643ab234dc3aed19f789b018ca5485ec2d1093ce	commit \| diff

UPDATING		diff \| blob \| history
crypto/openssl/crypto/asn1/a_object.c		diff \| blob \| history
crypto/openssl/crypto/objects/obj_dat.c		diff \| blob \| history
crypto/openssl/ssl/d1_both.c		diff \| blob \| history
crypto/openssl/ssl/d1_clnt.c		diff \| blob \| history
crypto/openssl/ssl/s23_srvr.c		diff \| blob \| history
crypto/openssl/ssl/s3_clnt.c		diff \| blob \| history
sys/conf/newvers.sh		diff \| blob \| history