Revision 7194
Modified Wed Jul 29 00:35:21 2015 UTC (8 years, 9 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 7186
Fix two OpenSSH security issues:
CVE-2014-2653 and CVE-2015-5600
Attackers can bypass MaxAuthTries and brute force passwords. Clients will
not properly validate DNS SSHFP records that offer a certificate. (rarely used)
Revision 6754
Modified Tue Sep 9 23:14:38 2014 UTC (9 years, 7 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 6659
Security update for openssl.
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
Revision 4884
Modified Thu May 3 17:40:43 2012 UTC (12 years ago) by laffer1
Original Path: trunk/crypto
Diff to previous 4464
OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accepts SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer. This could include
sensitive contents of previously freed memory. [CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptography (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]
Revision 3573
Modified Tue Nov 30 14:03:18 2010 UTC (13 years, 5 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 3536
A double free exists in the SSL client ECDH handling code, when
processing specially crafted public keys with invalid prime
numbers. [CVE-2010-2939]
Revision 3532
Modified Fri Oct 8 16:37:52 2010 UTC (13 years, 6 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 3204
Enable the new GLOB_LIMIT flag to fix a security vulnerability that is remotely exploitable with sftp daemon.
This enables the patch to libc/gen/glob.c
Revision 3204
Modified Sat Dec 5 15:29:50 2009 UTC (14 years, 5 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 3182
The SSL version 3 and TLS protocols support session renegotiation without
cryptographically tying the new session parameters to the old parameters.
Disable renegotiation of session parameters. This can break some software
packages, but it's rarely used.
Revision 3026
Modified Thu Jun 11 03:50:29 2009 UTC (14 years, 10 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 3003
Fix the illegal instructions with libcrypto stuff linking to openssl. (sendmail, dovecot, or anything else...)
This is a "feature" of gcc4 that adds illegal instructions to discourage casting certain ways. How nice.
Revision 2841
Modified Wed Apr 22 18:06:36 2009 UTC (15 years ago) by laffer1
Original Path: trunk/crypto
Diff to previous 2511
The function ASN1_STRING_print_ex does not properly validate the lengths
of BMPString or UniversalString objects before attempting to print them.
Remotely exploitable bug in openssl
Revision 1267
Modified Wed Oct 3 23:57:10 2007 UTC (16 years, 7 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 1108
Fix a security issue with openssl.
For applications using the SSL_get_shared_ciphers() function, the
buffer overflow could allow an attacker to crash or potentially
execute arbitrary code with the permissions of the user running the
application. (freebsd advisory text).
Revision 6
Modified Sat Feb 25 02:38:42 2006 UTC (18 years, 2 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 3
This commit was generated by cvs2svn to compensate for changes in r5, which
included commits to RCS files with non-trunk default branches.
Revision 3
Modified Sat Feb 25 02:29:52 2006 UTC (18 years, 2 months ago) by laffer1
Original Path: trunk/crypto
Diff to previous 2
This commit was generated by cvs2svn to compensate for changes in r2, which
included commits to RCS files with non-trunk default branches.