Pop-Up Thingie
Sidebar
>>> Magnum BBS <<<
Home
Forum
Files
Dark
Log in
Username
Password
Sidebar
Forum
Usenet
COMP.UNIX.BSD.OPENBSD.ANN
libcrypto errata
From
Ted Unangst
@21:1/5 to
All
on Tue May 3 16:50:02 2016
OpenSSL announced several issues today that also affect LibreSSL.
- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)
Thanks to OpenSSL for providing information and patches.
Refer to
https://www.openssl.org/news/secadv/20160503.txt
Patches for OpenBSD are available:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
Who's Online
Recent Visitors
Smithy
Fri Apr 19 18:53:54 2024
from
Plymouth
via
Telnet
Bob Worm
Fri Apr 19 14:04:19 2024
from
Wales, Uk
via
Telnet
Richard
Fri Apr 19 12:43:01 2024
from
Leeds, Uk
via
SSH
Daniel Garrod
Sat Apr 20 11:50:15 2024
from
Cambridge, Uk
via
Telnet
System Info
Sysop:
Keyop
Location:
Huddersfield, West Yorkshire, UK
Users:
293
Nodes:
16 (
2
/
14
)
Uptime:
242:53:02
Calls:
6,625
Calls today:
1
Files:
12,175
Messages:
5,320,203