Original post: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:06.openssl.asc
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-15:06.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Announced: 2015-03-19; Last revised on 2015-03-20.
Affects: All supported versions of FreeBSD.
Corrected: 2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE)
2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8)
2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE)
2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12)
2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE)
2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26)
CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision history
v1.0 2015-03-19 Initial release.
v1.1 2015-03-20 Reverted a portion of change that should not belong to the
advisory and did not end up in the final OpenSSL release.
The patch is also revised to include fixes for
CVE-2015-0209 and CVE-2015-0288.
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
Abstract Syntax Notation One (ASN.1) is a standard and notation that
describes rules and structures for representing, encoding, transmitting,
and decoding data in telecommunications and computer networking, which
enables representation of objects that are independent of machine-specific
II. Problem Description