197 matches found
LibreSSL -- Memory leak and buffer overflow
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow an off-by-one, usually stack-based were discovered in LibreSSL's OBJobj2txt function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
openSUSE: Security Advisory for libressl (openSUSE-SU-2015:1277-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)
libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed : - CVE-2014-3570: The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1...
Security update for libressl (important)
libressl was updated to version 2.2.1 to fix 16 security issues. LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL. These security issues were fixed: - CVE-2014-3570: The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1...
FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)
OpenSSL Security Advisory : A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a...
LibreSSL -- DTLS vulnerability
OpenSSL Security Advisory: A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Deni...
LibreSSL Double Release Vulnerability
LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. A double-release vulnerability exists in the 'sslparseclienthellousesrtpext' function in...
CVE-2014-9424
Double free vulnerability in the sslparseclienthellousesrtpext function in d1srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake...
CVE-2014-9424
CVE-2014-9424 affects LibreSSL prior to 2.1.2. The vulnerability is a double-free in ssl_parse_clienthello_use_srtp_ext() within d1_srtp.c, which can trigger a length-verification error during DTLS handshake and may cause a denial of service (or unspecified impact). The issue is fixed by upgradin...
Vulnerability in OpenSSL - SRTP Memory Leak
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionali...
LibreSSL PRNG Vulnerability Patched
The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator PRNG. The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a “catastrophic failure of the PRNG.”...
Early Review of LibreSSL Finds Problematic PRNG
When the OpenBSD foundation sent LibreSSL out the door last weekend, it was with the full intention of getting some feedback and scrutiny in return, all in the name of making the crypto library stable and secure. What they likely didn’t expect were claims surfacing that LibreSSL shared some of th...
LibreSSL Portable Fork Of OpenSSL Released
After months of code cleanup and rewriting, the OpenBSD Foundation this weekend sent LibreSSL out the door. The slimmed down OpenSSL fork works on a number of platforms beyond OpenBSD, including several Linux flavors, Solaris, Mac OS X and Free BSD. “I firmly believe that LibreSSL is in a better...
Google Announces its BoringSSL OpenSSL Fork
In the year-plus since surveillance, privacy and Snowden became part of the daily security conversation, technologies that safeguard online communication and commerce have become Job 1 for experts anxious to plug gaping flaws and shore up other usability deficiencies. OpenSSL is probably at the t...
Google Unveils BoringSSL, Another Flavor of OpenSSL
The open source encryption protocol, OpenSSL, which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data, came to everybody's attention following the Heartbleed vulnerability, a critical bug in the OpenSSL's implementati...
OpenBSD Initiates Fork of OpenSSL, LibreSSL
Heartbleed may have been the final straw, but the movement to create a fork of OpenSSL called LibreSSL had its roots in another issue that made the crypto libraries untenable for folks at OpenBSD. LibreSSL is an initiative spurred on by OpenBSD founder Theo de Raadt to split off and develop a...