ViewVC Help
View Directory | Revision Log | View Changeset | Root Listing
root/src/stable
r6877
File Last Change
 ../
0.1/ 6071 (10 years ago) by laffer1: Move RELENG_0_1 to stable/0.1
0.2/ 6070 (10 years ago) by laffer1: Move RELENG_0_2 to stable/0.2
0.3/ 6069 (10 years ago) by laffer1: Move RELENG_0_3 to stable/0.3
0.4/ 6769 (9 years ago) by laffer1: 0.4-RELEASE-p15 20140916: Fix a security issue with TCP SYN. When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.
0.5/ 6877 (9 years ago) by laffer1: A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513]. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567]. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566]. OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568]. Obtained from: OpenSSL, FreeBSD
5 directories and 0 files shown