FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
1.0.0 <= openssl < 1.0.0_6
0.9.8 <= openssl < 1.0.0
0.9.8 <= linux-f10-openssl < 0.9.8r

Details

VuXML ID 2ecb7b20-d97e-11e0-b2e2-00215c6a37bb
Discovery 2011-09-06
Entry 2011-09-07
Modified 2014-04-10

OpenSSL Team reports:

Two security flaws have been fixed in OpenSSL 1.0.0e

Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207)

OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. (CVE-2011-3210)

References

CVE Name CVE-2011-3207
CVE Name CVE-2011-3210
URL http://www.openssl.org/news/secadv_20110906.txt