|
Message-Id: <20160819134816.658D36C568E@smtpvmsrv1.mitre.org> Date: Fri, 19 Aug 2016 09:48:16 -0400 (EDT) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request: MatrixSSL lack of RSA-CRT hardening -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> Date: Wed, 29 Jun 2016 09:08:49 +0200 > https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md >> Version 3.8.3 April 2016 >> >> BUG FIXES > ##Side Channel Vulnerability on RSA Cipher Suites > A Bleichenbacher variant attack, where certain information is leaked > from the results of a RSA private key operation has been reported by a > security researcher. The code has been updated to error without > providing any information on the premaster contents. Use CVE-2016-6883. > ##Access Violation on Malicious TLS Record > TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access > violation (read beyond memory) with a maliciously crafted message. Use CVE-2016-6884. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtwzzAAoJEHb/MwWLVhi2xmgP/iD9XBpR+o52Gs61DvmXISo6 dD2oDK7BZLV4VDNgQxYVE+s1cr4vjInh6F5AFp0DfV/ThhplpblJzyMC9V/8R5x7 ifZmpJACnrBvsoObFy2gu/4AxNgN6CBT+x5HBehZLsp/v+IPEQoo+QSagRtpnqye XHg6epkDcGJELzyfr+QLKU7bXEZJ5NLCoMMudFqE9iPOOPVluybsk/r5jLCwzp5y R82f/C040qjIZtkrwvKukoWFR6cpuhNYTqxYPNK5HIk1XDsXik1DmXfUnklV5u8h /yzd1QHQiS1ajFQz49qlYpWK7qz6JNwjnX07Oqg4MUT1rVTB0GpZwIPllcgcLMfU f6wtY2KfarJLpI/+XuwPSCqAO1yblyHr21Z0EEOa/QwpOnXQEDbv4wPKNBU+QjDj /F88xB7HE5DFsWi/TDqTG3H0RKqauVPBiExwimNwvsG1c3v7iCBOmvCK2h5OWBOq SVUBXhoce+4/QSorL1Q3qsxRWdtjUV0MYmts/r/sJj8aR6pBe2vDEtg79aimaxSd cQS7Lgnul2zMb1cGm/AzoS5YSjwn16V9iOMbKCHy9jXh/qc+Rp5ZtdsM9ZkgO/Gb NcqjLyLM72SgdX2ewCbFgP7g7YfwWKyz3tUjKi/hQjr5bM/uUoZInQKuEF/B+vB7 HShanqXyyZFlrLWiy6+R =jgkP -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.