Revision 7462
Modified Thu Mar 10 14:08:20 2016 UTC (8 years, 1 month ago) by laffer1
Security patch OpenSSL for DROWN

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP
or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability
is known as DROWN. [CVE-2016-0800]

A double free bug was discovered when OpenSSL parses malformed DSA private
keys and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare. [CVE-2016-0705]

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. [CVE-2016-0798]

In the BN_hex2bn function, the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL pointer dereference. For very large values of
|i|, the calculation |i * 4| could be a positive value smaller than |i|. In
this case memory is allocated to the internal BIGNUM data field, but it is
insufficiently sized leading to heap corruption. A similar issue exists in
BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is
ever called by user applications with very large untrusted hex/dec data. This
is anticipated to be a rare occurrence. [CVE-2016-0797]

The internal |fmtstr| function used in processing a "%s" formatted string in
the BIO_*printf functions could overflow while calculating the length of
a string and cause an out-of-bounds read when printing very long strings.
[CVE-2016-0799]

A side-channel attack was found which makes use of cache-bank conflicts on the
Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA
keys. [CVE-2016-0702]

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they displace encrypted-key
bytes. [CVE-2016-0703]

s2_srvr.c overwrites the wrong bytes in the master key when applying
Bleichenbacher protection for export cipher suites. [CVE-2016-0704]

Obtained from: OpenSSL & FreeBSD

Revision 3707
Modified Sat Feb 5 14:25:54 2011 UTC (13 years, 3 months ago) by laffer1
Update makefiles for OpenSSH 5.7p1.
ssh-vulnkey is no longer included. I would hope most Debian keys have been replaced at this point.

Revision 3006
Modified Sun Jun 7 23:59:51 2009 UTC (14 years, 11 months ago) by laffer1
Add netpgp makefile. This is intentionally not connected to the build yet as there are a few outstanding issues. It does compile and run if libnetpgp is installed. (tested i386 current)

Revision 3005
Modified Sun Jun 7 23:50:18 2009 UTC (14 years, 11 months ago) by laffer1
Start of netpgp library from NetBSD current. This is based on the openpgpsdk, but cleaned up a lot. We can verify and sign using a gpg-compatible lib but with a BSD license.

Revision 1455
Modified Sun Apr 6 06:34:28 2008 UTC (16 years, 1 month ago) by laffer1
OpenSSH 4.9 introduced an inline sftp-server option in addition to forking a process to handle connections. We're going to need to link in some of that sftp code.

Revision 3
Added Sat Feb 25 02:29:52 2006 UTC (18 years, 2 months ago) by laffer1
This commit was generated by cvs2svn to compensate for changes in r2, which
included commits to RCS files with non-trunk default branches.