BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL errata

Patches are now available to fix a few issues in LibreSSL's libcrypto.

CVE-2015-1788 - Malformed ECParameters causes infinite loop
CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL.

Several other issues did not apply or were already fixed, and one
low-severity issue is under review. For more information, see
https://www.openssl.org/news/secadv_20150611.txt

Thanks to the OpenSSL team for providing patches.

5.7 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig
http://www.openbsd.org/errata57.html

5.6 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig
http://www.openbsd.org/errata56.html