FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
1.0.1 <= openssl < 1.0.1_17
1.0.1 <= mingw32-openssl < 1.0.1k
linux-c6-openssl < 1.0.1e_3
10.1 <= FreeBSD < 10.1_4
10.0 <= FreeBSD < 10.0_16
9.3 <= FreeBSD < 9.3_8
8.4 <= FreeBSD < 8.4_22

Details

VuXML ID: 4e536c14-9791-11e4-977d-d050992ecde8
Discovery: 2015-01-08
Entry: 2015-01-08
Modified: 2016-08-09

OpenSSL project reports:

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

no-ssl3 configuration sets method to NULL (CVE-2014-3569)

ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

DH client certificates accepted without verification [Server] (CVE-2015-0205)

Certificate fingerprints can be modified (CVE-2014-8275)

Bignum squaring may produce incorrect results (CVE-2014-3570)

References

CVE Name: CVE-2014-3569
CVE Name: CVE-2014-3570
CVE Name: CVE-2014-3571
CVE Name: CVE-2014-3572
CVE Name: CVE-2014-8275
CVE Name: CVE-2015-0204
CVE Name: CVE-2015-0205
CVE Name: CVE-2015-0206
FreeBSD Advisory: SA-15:01.openssl
URL: https://www.openssl.org/news/secadv_20150108.txt