FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- multiple vulnerabilities

Affected packages
openssl < 1.0.2_11
linux-c6-openssl < 1.0.1e_8
2.3.0 <= libressl < 2.3.4
libressl < 2.2.7
libressl-devel < 2.3.4
10.3 <= FreeBSD < 10.3_2
10.2 <= FreeBSD < 10.2_16
10.1 <= FreeBSD < 10.1_33
9.3 <= FreeBSD < 9.3_41

Details

VuXML ID 01d729ca-1143-11e6-b55e-b499baebfeaf
Discovery 2016-05-03
Entry 2016-05-03
Modified 2016-08-09

OpenSSL reports:

Memory corruption in the ASN.1 encoder

Padding oracle in AES-NI CBC MAC check

EVP_EncodeUpdate overflow

EVP_EncryptUpdate overflow

ASN.1 BIO excessive memory allocation

EBCDIC overread (OpenSSL only)

References

CVE Name CVE-2016-2105
CVE Name CVE-2016-2106
CVE Name CVE-2016-2107
CVE Name CVE-2016-2108
CVE Name CVE-2016-2109
CVE Name CVE-2016-2176
FreeBSD Advisory SA-16:17.openssl
URL https://marc.info/?l=openbsd-tech&m=146228598730414
URL https://www.openssl.org/news/secadv/20160503.txt