FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
openssl < 1.0.2j,1
openssl-devel < 1.1.0b
libressl < 2.4.3
libressl-devel < 2.4.3
11.0 <= FreeBSD < 11.0_1

Details

VuXML ID 91a337d8-83ed-11e6-bf52-b499baebfeaf
Discovery 2016-09-26
Entry 2016-09-26
Modified 2016-10-10

OpenSSL reports:

Critical vulnerability in OpenSSL 1.1.0a
Fix Use After Free for large message sizes (CVE-2016-6309)

Moderate vulnerability in OpenSSL 1.0.2i
Missing CRL sanity check (CVE-2016-7052)

References

CVE Name CVE-2016-6309
CVE Name CVE-2016-7052
FreeBSD Advisory SA-16:27.openssl
URL https://www.openssl.org/news/secadv/20160926.txt