diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-16:35.openssl.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-16:35.openssl.asc | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/share/security/advisories/FreeBSD-SA-16:35.openssl.asc b/share/security/advisories/FreeBSD-SA-16:35.openssl.asc deleted file mode 100644 index a2c00c8ca7..0000000000 --- a/share/security/advisories/FreeBSD-SA-16:35.openssl.asc +++ /dev/null @@ -1,148 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-16:35.openssl Security Advisory - The FreeBSD Project - -Topic: OpenSSL Remote DoS vulnerability - -Category: contrib -Module: openssl -Announced: 2016-11-02 -Affects: FreeBSD 9.x and FreeBSD 10.x. -Corrected: 2016-11-02 07:09:31 UTC (stable/10, 10.3-STABLE) - 2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12) - 2016-11-02 07:24:14 UTC (releng/10.2, 10.2-RELEASE-p25) - 2016-11-02 07:24:14 UTC (releng/10.1, 10.1-RELEASE-p42) - 2016-11-02 07:09:31 UTC (stable/9, 9.3-STABLE) - 2016-11-02 07:24:34 UTC (releng/9.3, 9.3-RELEASE-p50) -CVE Name: CVE-2016-8610 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is -a collaborative effort to develop a robust, commercial-grade, full-featured -Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) -and Transport Layer Security (TLS v1) protocols as well as a full-strength -general purpose cryptography library. - -The SSL alert protocol is a way to communicate problems within a SSL/TLS session. - -II. Problem Description - -Due to improper handling of alert packets, OpenSSL would consume an excessive -amount of CPU time processing undefined alert messages. - -III. Impact - -A remote attacker who can initiate handshakes with an OpenSSL based server -can cause the server to consume a lot of computation power with very little -bandwidth usage, and may be able to use this technique in a leveraged Denial -of Service attack. - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -Restart all daemons that use the library, or reboot the system. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -Restart all daemons that use the library, or reboot the system. - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -[FreeBSD 10.x] -# fetch https://security.FreeBSD.org/patches/SA-16:35/openssl-10.patch -# fetch https://security.FreeBSD.org/patches/SA-16:35/openssl-10.patch.asc -# gpg --verify openssl-10.patch.asc - -[FreeBSD 9.3] -# fetch https://security.FreeBSD.org/patches/SA-16:35/openssl-9.patch -# fetch https://security.FreeBSD.org/patches/SA-16:35/openssl-9.patch.asc -# gpg --verify openssl-9.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -Restart all daemons that use the library, or reboot the system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/9/ r308200 -releng/9.3/ r308205 -stable/10/ r308200 -releng/10.1/ r308204 -releng/10.2/ r308204 -releng/10.3/ r308203 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:http://seclists.org/oss-sec/2016/q4/224> - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.1.15 (FreeBSD) - -iQIcBAEBCgAGBQJYGZhkAAoJEO1n7NZdz2rnwbMQAOiGWegkYQodqBzNboK9U+6M -8Jt6HNrYDWAyzp+mZmWxgPWZMkGaNAsBEFXwZlHgs65RCbRczxr/kUWZx2/XHbM3 -kGx5eNIq46BFIrTDPvUgNciorl/ncJGeO4SYEFBYImceDNwIQVtpfz1IUAve+LNW -RYYICakWn8HPuqzmIFjQydMkoyEaHMwsmkv3nVNVX46sVIQ1umZ3RZsKtlPOQqNs -sAa0HuOOQbeU2eJhhtcYcDEPNF7Do9WvSMnYrJQ/lE2SuatXq2tdbvZLV8ieiPoj -3AMf9p2yPpeqqO9yy19CayTSPmDiKMVQq8jikVomX5XkVqNKLrQoQfrvpwR0DWOW -fwIDjZ1H9IXoqjVVZwp5GLfHhAURNjbsszF4B1lXQHI1D/p4bXyOOrcuM1JxHXRK -UGvagbs30DWH+4Baph/UVOsFUhPU0sguPtpPa0XFxSIxB6qZJJGjdOh7el6aBYJu -VxQuw1wWQvJPm9CsIIZrX4WYBcwS8ro82wsfNWO+ZC0j5UbMwh2joFgrbEdWNM3f -MWVYuH5czzoJO85Nu7uGB+qa9GYqKkdwGRDnFshnvPhHHnpmGL/tLHM+Kqg7uDeu -8RsNaZ4PYChZh8YHVooOraDl0Nz0Ln/kok8GdsZUpNfuiXm3U9fLUCAFAdNUOlr6 -PJuvkUEQRMlhG8tX3+11 -=1gO7 ------END PGP SIGNATURE----- |