Simon L. Nielsen
2007-Oct-18 15:54 UTC
[simon@FreeBSD.org: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c]
Hey,
RELENG_7 isn't -STABLE yet, so the issue mentioned in the commit mail
below will not get a Security Advisory. This only affects
applications using DTLS, and I doubt there are many of those, but
users should still upgrade to get this fix, just in case.
See the OpenSSL advisory for some more details:
http://www.openssl.org/news/secadv_20071012.txt
If anybody were wondering, and hadn't checked the OpenSSL advisory:
older versions of FreeBSD aren't affected as they have OpenSSL 0.9.7
which isn't affected (it doesn't have DTLS support).
----- Forwarded message from "Simon L. Nielsen" <simon@FreeBSD.org> -----
From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Thu, 18 Oct 2007 22:20:04 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c
simon 2007-10-18 22:20:04 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c
Log:
MFC: Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch.
Security: CVE-2007-4995
Security: http://www.openssl.org/news/secadv_20071012.txt
Approved by: re (kensmith)
Revision Changes Path
1.1.1.1.2.1 +533 -605 src/crypto/openssl/ssl/d1_both.c
1.1.1.1.2.1 +3 -4 src/crypto/openssl/ssl/dtls1.h
1.1.1.16.2.1 +1 -0 src/crypto/openssl/ssl/ssl.h
1.1.1.11.2.1 +1 -0 src/crypto/openssl/ssl/ssl_err.c
----- End forwarded message -----
--
Simon L. Nielsen
FreeBSD Deputy Security Officer
Oliver Fromme
2007-Oct-23 10:12 UTC
[simon@FreeBSD.org: cvs commit: src/crypto/openssl/ssl d1_both.c dtls1.h ssl.h ssl_err.c]
Simon L. Nielsen wrote:
> RELENG_7 isn't -STABLE yet

Uhm, are you sure? In the past, whenever a new RELENG branch was
created, it was implicitly the next -stable branch, because -current
moved on to the next version number. Did that policy change?

If it did change, I'm curious to know what the version 7 branch is
called right now (6 being -stable and 8 being -current)? I assume we
do not have two -current branches at the same time, do we?

Best regards
Oliver

PS: I do agree that the DTLS security fix doesn't need a FreeBSD
Security Advisory, for the reason that it doesn't seem to affect any
_released_ FreeBSD version.

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich register court, HRA 74606, management:
secnetix Verwaltungsgesellsch. mbH, commercial register: Munich register
court, HRB 125758, managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd

"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead." -- RFC 1925