FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
1.1.0 <= openssl-devel < 1.1.0_1
openssl < 1.0.2i,1
linux-c6-openssl < 1.0.1e_11
10.3 <= FreeBSD < 10.3_8
10.2 <= FreeBSD < 10.2_21
10.1 <= FreeBSD < 10.1_38
9.3 <= FreeBSD < 9.3_46

Details

VuXML ID 43eaa656-80bc-11e6-bf52-b499baebfeaf
Discovery 2016-09-22
Entry 2016-09-22
Modified 2016-10-11

OpenSSL reports:

High: OCSP Status Request extension unbounded memory growth

SSL_peek() hang on empty record

SWEET32 Mitigation

OOB write in MDC2_Update()

Malformed SHA512 ticket DoS

OOB write in BN_bn2dec()

OOB read in TS_OBJ_print_bio()

Pointer arithmetic undefined behaviour

Constant time flag not preserved in DSA signing

DTLS buffered message DoS

DTLS replay protection DoS

Certificate message OOB reads

Excessive allocation of memory in tls_get_message_header()

Excessive allocation of memory in dtls1_preprocess_fragment()

NB: LibreSSL is only affected by CVE-2016-6304.

References

CVE Name CVE-2016-2177
CVE Name CVE-2016-2178
CVE Name CVE-2016-2179
CVE Name CVE-2016-2180
CVE Name CVE-2016-2181
CVE Name CVE-2016-2182
CVE Name CVE-2016-2183
CVE Name CVE-2016-6302
CVE Name CVE-2016-6303
CVE Name CVE-2016-6304
CVE Name CVE-2016-6305
CVE Name CVE-2016-6306
CVE Name CVE-2016-6307
CVE Name CVE-2016-6308
FreeBSD Advisory SA-16:26.openssl
URL https://www.openssl.org/news/secadv/20160922.txt