FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
openssl < 1.0.0_8

Details

VuXML ID 78cc8a46-3e56-11e1-89b4-001ec9578670
Discovery 2012-01-04
Entry 2012-01-14

The OpenSSL Team reports:

6 security flaws have been fixed in OpenSSL 1.0.0f:

If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free.

OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.

RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.

Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.

A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.

References

CVE Name CVE-2011-4108
CVE Name CVE-2011-4109
CVE Name CVE-2011-4576
CVE Name CVE-2011-4577
CVE Name CVE-2011-4619
CVE Name CVE-2012-0027
URL http://openssl.org/news/secadv_20120104.txt