[SA-0003] [SS-2403] OpenSSL vulnerability in FreeBSD 10.3-RELEASE-p17, and 11.0-STABLE
Phillip Ma
started a topic
over 6 years ago
Dear valued Sippy Customer,
A security vulnerability was reported through the FreeBSD Project. If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Additional details for this security vulnerability can be found here:
The updated patched versions have been tested with Sippy Softswitch and approved for deployment since March 23rd, 2017.
Phillip Ma
Dear valued Sippy Customer,
A security vulnerability was reported through the FreeBSD Project. If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Additional details for this security vulnerability can be found here:
The updated patched versions have been tested with Sippy Softswitch and approved for deployment since March 23rd, 2017.
Sincerely
Phillip Ma
Product Manager
Sippy Software