Contributed by phessler on from the it-must-be-tuesday dept.
OpenSSL announced several issues today that also affect LibreSSL. - Memory corruption in the ASN.1 encoder (CVE-2016-2108) - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - EVP_EncodeUpdate overflow (CVE-2016-2105) - EVP_EncryptUpdate overflow (CVE-2016-2106) - ASN.1 BIO excessive memory allocation (CVE-2016-2109) Thanks to OpenSSL for providing information and patches. Refer to https://www.openssl.org/news/secadv/20160503.txt Patches for OpenBSD are available: http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig
(Comments are closed)