Hacker News new | past | comments | ask | show | jobs | submit login

What's the status of this bug for LibreSSL? (LibreSSL is used in OS X 10.11+)



    OpenSSL announced several issues today that also affect LibreSSL.

    - Memory corruption in the ASN.1 encoder (CVE-2016-2108)
    - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
    - EVP_EncodeUpdate overflow (CVE-2016-2105)
    - EVP_EncryptUpdate overflow (CVE-2016-2106)
    - ASN.1 BIO excessive memory allocation (CVE-2016-2109)

    Thanks to OpenSSL for providing information and patches.
http://marc.info/?l=openbsd-announce&m=146228598930416&w=2

https://twitter.com/bob_beck/status/727478594591543296


Saw a tweet from one of the OpenBSD folks saying LibreSSL was also affected by these issues and fixes would be available today. Sorry, not on my laptop at the moment so I can't post a link.

ETA: Source code [0] and binary [1] patches (via M-Tier) are available for OpenBSD.

[0]: https://marc.info/?l=openbsd-tech&m=146228598730414&w=2

[1]: https://stable.mtier.org/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: