BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: May 8th, 2017 (libssl)

8 May, 2017 by tj@openbsd.org | openbsd 

Errata patches for libssl have been released for OpenBSD 6.1 and 6.0.

Incorrect DTLS cookie handling can result in a NULL pointer dereference.

Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:

  https://www.openbsd.org/errata60.html
  https://www.openbsd.org/errata61.html

If none of your server-side applications use DTLS, this issue does not
affect you.