LibreSSL errata

11 June, 2015 by doug@acyclic.org | openbsd

Patches are now available to fix a few issues in LibreSSL's libcrypto.

CVE-2015-1788 - Malformed ECParameters causes infinite loop

CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time

CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one low severity issue is under review.

For more information, see https://www.openssl.org/news/secadv_20150611.txt

Thanks to the OpenSSL team for providing patches.

5.7 patch:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig

http://www.openbsd.org/errata57.html

5.6 patch:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig

http://www.openbsd.org/errata56.html
