libcrypto errata - May 2016

by
from OpenBSD Journal on (#1CNAY)
Ted Unangst just sent an announcement of LibreSSL patches

OpenSSL announced several issues today that also affect LibreSSL.- Memory corruption in the ASN.1 encoder (CVE-2016-2108)- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)- EVP_EncodeUpdate overflow (CVE-2016-2105)- EVP_EncryptUpdate overflow (CVE-2016-2106)- ASN.1 BIO excessive memory allocation (CVE-2016-2109)Thanks to OpenSSL for providing information and patches.Refer to https://www.openssl.org/news/secadv/20160503.txtPatches for OpenBSD are available:http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sighttp://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig
External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments