Bug #17787
OpenSSL Fix Use After Free for large message sizes (CVE-2016-6309)
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No
Description
It appears FreeNAS 9.10.1 may be affected by this CVE. Suggest that OpenSSL is updated ASAP.
Build: FreeNAS-9.10.1 (d989edd)
[root@tardis] ~# openssl version OpenSSL 1.0.1t-freebsd 3 May 2016
Associated revisions
Fix multiple OpenSSL vulnerabilitites.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
(cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939)
Ticket: #17787
Fix multiple OpenSSL vulnerabilitites.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
(cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939)
Ticket: #17787
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
(cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923)
Ticket: #17787
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
(cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923)
Ticket: #17787
Fix multiple OpenSSL vulnerabilitites.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
(cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939)
Ticket: #17787
(cherry picked from commit dae4b7be3e6887d93a88383daf300badecaf6b00)
Fix multiple OpenSSL vulnerabilitites.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
(cherry picked from commit eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939)
Ticket: #17787
(cherry picked from commit dae4b7be3e6887d93a88383daf300badecaf6b00)
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
(cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923)
Ticket: #17787
(cherry picked from commit 169b4e8b12df747c5ae6431eec246173f687c9a6)
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
(cherry picked from commit 732e3790c641745d1af66fb12949ce9727cc2923)
Ticket: #17787
(cherry picked from commit 169b4e8b12df747c5ae6431eec246173f687c9a6)
History
#1
Updated by Heather Ownby over 4 years ago
- Assignee set to Kris Moore
#2
Updated by Dave F over 4 years ago
- Subject changed from OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108) to OpenSSL Fix Use After Free for large message sizes (CVE-2016-6309)
Whoops! Wrong CVE, here's the correct one: https://www.openssl.org/news/secadv/20160926.txt
#3
Updated by Josh Paetzel over 4 years ago
- Status changed from Unscreened to Fix In Progress
- Assignee changed from Kris Moore to Josh Paetzel
- Priority changed from No priority to Important
- Target version set to 9.10.1-U2
#4
Updated by Josh Paetzel over 4 years ago
- Status changed from Fix In Progress to Needs Developer Review
os FIX-17787
#5
Updated by Josh Paetzel over 4 years ago
- Priority changed from Important to Expected
#6
Updated by Vaibhav Chauhan over 4 years ago
- Assignee changed from Josh Paetzel to Sean Fagan
can you please review the changes ?
#7
Updated by Vaibhav Chauhan over 4 years ago
- Status changed from Needs Developer Review to Reviewed
Reviewed by sasha.
#8
Updated by Vaibhav Chauhan over 4 years ago
- Status changed from Reviewed to Ready For Release
#9
Updated by Vaibhav Chauhan over 4 years ago
- Status changed from Ready For Release to Resolved