diff options
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/e_rc4_hmac_md5.c | 2 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
3 files changed, 7 insertions, 1 deletions
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20170223 p17 FreeBSD-SA-17:02.openssl + + Fix OpenSSL RC4_MD5 cipher vulnerability. + 20170111 p16 FreeBSD-SA-17:01.openssh Fix multiple vulnerabilities of OpenSSH. diff --git a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c index 2da1117..ca53913 100644 --- a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { + if (len < MD5_DIGEST_LENGTH) + return -1; len -= MD5_DIGEST_LENGTH; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 581ada0..0cf9277 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p16" +BRANCH="RELEASE-p17" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi |