FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- OpenSSL multiple vulnerabilities

Affected packages
8.3 <= FreeBSD < 8.3_7
9.0 <= FreeBSD < 9.0_7
9.1 <= FreeBSD < 9.1_2

Details

VuXML ID 69bfc852-9bd0-11e2-a7be-8c705af55518
Discovery 2013-04-02
Entry 2013-04-02
Modified 2016-08-09

A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack.

OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.

References

CVE Name CVE-2013-0166
CVE Name CVE-2013-0169
FreeBSD Advisory SA-13:03.openssl
URL http://www.openssl.org/news/secadv_20130205.txt