FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- multiple vulnerabilities

Affected packages
openssl < 1.0.2_5
1.0.1 <= mingw32-openssl < 1.0.2e
linux-c6-openssl < 1.0.1e_7
10.2 <= FreeBSD < 10.2_8
10.1 <= FreeBSD < 10.1_25
9.3 <= FreeBSD < 9.3_31

Details

VuXML ID 4c8d1d72-9b38-11e5-aece-d050996490d0
Discovery 2015-12-03
Entry 2015-12-05
Modified 2016-08-09

OpenSSL project reports:

  1. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
  2. Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  3. X509_ATTRIBUTE memory leak (CVE-2015-3195)
  4. Race condition handling PSK identify hint (CVE-2015-3196)
  5. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

References

CVE Name CVE-2015-1794
CVE Name CVE-2015-3193
CVE Name CVE-2015-3194
CVE Name CVE-2015-3195
CVE Name CVE-2015-3196
FreeBSD Advisory SA-15:26.openssl
URL https://www.openssl.org/news/secadv/20151203.txt