diff options
author | Dirk Meyer <dinoex@FreeBSD.org> | 2010-11-17 11:09:34 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2010-11-17 11:09:34 +0000 |
commit | 95520228fbd271ff6040e943256f6dbb750b733b (patch) | |
tree | 340128bd7a01264a799a1a65e1926865a47ea27f /security/vuxml/vuln.xml | |
parent | 1ce56c6c8825a280e6d687510549bf01b531da10 (diff) | |
download | ports-95520228fbd271ff6040e943256f6dbb750b733b.tar.gz ports-95520228fbd271ff6040e943256f6dbb750b733b.zip |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c84198e0c1b1..bccfbdf3d82b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3042c33a-f237-11df-9d02-0018fe623f2b"> + <topic>openssl -- TLS extension parsing race condition</topic> + <affects> + <package> + <name>openssl</name> + <range><lt>1.0.0_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>OpenSSL Team reports:</p> + <blockquote cite="http://openssl.org/news/secadv_20101116.txt"> + <p>Rob Hulswit has found a flaw in the OpenSSL TLS server extension + code parsing which on affected servers can be exploited in a buffer + overrun attack.</p> + <p>Any OpenSSL based TLS server is vulnerable if it is multi-threaded + and uses OpenSSL's internal caching mechanism. Servers that are + multi-process and/or disable internal session caching are NOT + affected.</p> + <p>In particular the Apache HTTP server (which never uses OpenSSL + internal caching) and Stunnel (which includes its own workaround) + are NOT affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2010-3864</cvename> + <url>http://openssl.org/news/secadv_20101116.txt</url> + </references> + <dates> + <discovery>2010-10-08</discovery> + <entry>2010-11-17</entry> + </dates> + </vuln> + <vuln vid="76b597e4-e9c6-11df-9e10-001b2134ef46"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects> |