| 1 |
|
Updating Information for MidnightBSD users. |
| 2 |
|
|
| 3 |
+ |
20160505: |
| 4 |
+ |
OpenSSL security patch |
| 5 |
+ |
|
| 6 |
+ |
The padding check in AES-NI CBC MAC was rewritten to be in constant time |
| 7 |
+ |
by making sure that always the same bytes are read and compared against |
| 8 |
+ |
either the MAC or padding bytes. But it no longer checked that there was |
| 9 |
+ |
enough data to have both the MAC and padding bytes. [CVE-2016-2107] |
| 10 |
+ |
|
| 11 |
+ |
An overflow can occur in the EVP_EncodeUpdate() function which is used for |
| 12 |
+ |
Base64 encoding of binary data. [CVE-2016-2105] |
| 13 |
+ |
|
| 14 |
+ |
An overflow can occur in the EVP_EncryptUpdate() function, however it is |
| 15 |
+ |
believed that there can be no overflows in internal code due to this problem. |
| 16 |
+ |
[CVE-2016-2106] |
| 17 |
+ |
|
| 18 |
+ |
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() |
| 19 |
+ |
a short invalid encoding can casuse allocation of large amounts of memory |
| 20 |
+ |
potentially consuming excessive resources or exhausting memory. |
| 21 |
+ |
[CVE-2016-2109] |
| 22 |
+ |
|
| 23 |
|
20160412: |
| 24 |
|
0.8 stable branch created. Continue development as 0.9. |
| 25 |
|
|
