Diffstat (limited to 'share/security/advisories/FreeBSD-SA-06:23.openssl.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-06:23.openssl.asc287
1 files changed, 0 insertions, 287 deletions
diff --git a/share/security/advisories/FreeBSD-SA-06:23.openssl.asc b/share/security/advisories/FreeBSD-SA-06:23.openssl.asc
deleted file mode 100644
index c0997813bf..0000000000
--- a/share/security/advisories/FreeBSD-SA-06:23.openssl.asc
+++ /dev/null
@@ -1,287 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-=============================================================================
-FreeBSD-SA-06:23.openssl Security Advisory
- The FreeBSD Project
-
-Topic: Multiple problems in crypto(3)
-
-Category: contrib
-Module: openssl
-Announced: 2006-09-28
-Credits: Dr S N Henson, Tavis Ormandy, Will Drewry
- Stephen Kiernan (Juniper SIRT)
-Affects: All FreeBSD releases.
-Corrected: 2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE)
- 2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9)
- 2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14)
- 2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE)
- 2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7)
- 2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21)
- 2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36)
- 2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE)
- 2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24)
-CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343
-
-For general information regarding FreeBSD Security Advisories,
-including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:http://security.FreeBSD.org/>.
-
-0. Revision History
-
-v1.0 2006-09-28 Initial release.
-v1.1 2006-09-29 Corrected patch.
-
-I. Background
-
-FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
-a collaborative effort to develop a robust, commercial-grade, full-featured,
-and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
-and Transport Layer Security (TLS v1) protocols as well as a full-strength
-general purpose cryptography library.
-
-II. Problem Description
-
-Several problems have been found in OpenSSL:
-
-1. During the parsing of certain invalid ASN1 structures an error condition
-is mishandled, possibly resulting in an infinite loop. [CVE-2006-2937]
-
-2. A buffer overflow exists in the SSL_get_shared_ciphers function.
-[CVE-2006-3738]
-
-3. A NULL pointer may be dereferenced in the SSL version 2 client code.
-[CVE-2006-4343]
-
-In addition, many applications using OpenSSL do not perform any validation
-of the lengths of public keys being used. [CVE-2006-2940]
-
-III. Impact
-
-Servers which parse ASN1 data from untrusted sources may be vulnerable to
-a denial of service attack. [CVE-2006-2937]
-
-An attacker accessing a server which uses SSL version 2 may be able to
-execute arbitrary code with the privileges of that server. [CVE-2006-3738]
-
-A malicious SSL server can cause clients connecting using SSL version 2 to
-crash. [CVE-2006-4343]
-
-Applications which perform public key operations using untrusted keys may
-be vulnerable to a denial of service attack. [CVE-2006-2940]
-
-IV. Workaround
-
-No workaround is available, but not all of the vulnerabilities mentioned
-affect all applications.
-
-V. Solution
-
-Perform one of the following:
-
-1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
-or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
-or RELENG_4_11 security branch dated after the correction date.
-
-2) To patch your present system:
-
-The following patch has been verified to apply to FreeBSD 4.11, 5.3,
-5.4, 5.5, 6.0, and 6.1 systems.
-
-a) Download the patch from the location below, and verify the detached
-PGP signature using your PGP utility.
-
-# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch
-# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc
-
-NOTE: The patch distributed at the time of the original advisory was
-incorrect. Systems to which the original patch was applied should be
-patched with the following corrective patch, which contains only the
-changes between the original and updated patch:
-
-# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch
-# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch.asc
-
-b) Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile the operating system as described in
-<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
-system.
-
-NOTE: Any third-party applications, including those installed from the
-FreeBSD ports collection, which are statically linked to libcrypto(3)
-should be recompiled in order to use the corrected code.
-
-NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
-prohibiting the use of exceptionally large public keys. It is believed
-that no existing applications legitimately use such key lengths as would
-be affected by this change.
-
-VI. Correction details
-
-The following list contains the revision numbers of each file that was
-corrected in FreeBSD.
-
-Branch Revision
- Path
-- -------------------------------------------------------------------------
-RELENG_4
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.3
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.5
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.4
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.9
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.5
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.4
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.8
- src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.9
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.9
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.4
- src/crypto/openssl/ssl/s2_clnt.c 1.2.2.9
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.10
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.9
-RELENG_4_11
- src/UPDATING 1.73.2.91.2.25
- src/sys/conf/newvers.sh 1.44.2.39.2.28
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.2.6.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.4.8.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.3.8.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.7.6.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.4.8.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.3.8.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.7.6.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.8.4.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.8.4.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.3.8.1
- src/crypto/openssl/ssl/s2_clnt.c 1.2.2.8.4.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.9.4.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.8.4.1
-RELENG_5
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.4.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.6.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.2
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.3
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.2
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.6.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.2
- src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.2
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.2
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.6.1
- src/crypto/openssl/ssl/s2_clnt.c 1.12.2.2
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.2
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.2
-RELENG_5_5
- src/UPDATING 1.342.2.35.2.7
- src/sys/conf/newvers.sh 1.62.2.21.2.9
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.16.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.18.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.4.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.4.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.4.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.18.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.4.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.4.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.4.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.18.1
- src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.4.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.4.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.1
-RELENG_5_4
- src/UPDATING 1.342.2.24.2.30
- src/sys/conf/newvers.sh 1.62.2.18.2.26
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.8.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.10.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.2.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.2.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.2.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.10.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.2.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.2.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.2.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.10.1
- src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.2.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.2.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.2.1
-RELENG_5_3
- src/UPDATING 1.342.2.13.2.39
- src/sys/conf/newvers.sh 1.62.2.15.2.41
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.6.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.8.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.8.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.6.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.8.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.8.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.6.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.10.6.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.6.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.8.1
- src/crypto/openssl/ssl/s2_clnt.c 1.12.4.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.4.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.4.1
-RELENG_6
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.12.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.2.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.2.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.2.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.12.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.2.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.11.2.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.2.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.12.1
- src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1
-RELENG_6_1
- src/UPDATING 1.416.2.22.2.11
- src/sys/conf/newvers.sh 1.69.2.11.2.11
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.14.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.16.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.6.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.6.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.6.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.16.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.6.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.11.6.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.6.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.16.1
- src/crypto/openssl/ssl/s2_clnt.c 1.13.6.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.6.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.1
-RELENG_6_0
- src/UPDATING 1.416.2.3.2.19
- src/sys/conf/newvers.sh 1.69.2.8.2.15
- src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.12.1
- src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.14.1
- src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.4.1
- src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.4.2
- src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.4.1
- src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.14.1
- src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.4.1
- src/crypto/openssl/crypto/rsa/rsa.h 1.11.4.1
- src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.4.1
- src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.14.1
- src/crypto/openssl/ssl/s2_clnt.c 1.13.4.1
- src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.4.1
- src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.4.1
-- -------------------------------------------------------------------------
-
-VII. References
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
-
-The latest revision of this advisory is available at
-http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.3 (FreeBSD)
-
-iD8DBQFFHSVwFdaIBMps37IRApTZAJ9YY6pldJ52FwtYHbMxsW5363NUgwCgl4tb
-3jFuSkTKR6xVJ6ui4POBjkI=
-=Bn+e
------END PGP SIGNATURE-----
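Review bot: this hunk removes the entire published advisory (header, problem description, correction-details table, CVE references and the PGP signature) with no rename or replacement in the diff (`deleted file mode 100644`, `+++ /dev/null`), and the diffstat shows it is the only file touched. Since the advisory is a signed message that cannot be edited in place without invalidating the signature, deleting it whole is the right shape for a removal, but the commit should state where the advisory now lives so readers of the tree can still find it; the text itself points at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc as the canonical location, and it would be worth confirming nothing else under share/security (indexes or cross-references to SA-06:23) still links to this path.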