API Security Blog

FreeBSD-SA-23:03.openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-23:03.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2023-02-16
Credits:        See referenced OpenSSL advisory.
Affects:        All supported versions of FreeBSD.
Corrected:      2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE)
                2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7)
                2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE)
                2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2)
                2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12)
CVE Name:       CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
also a general-purpose cryptography library.

II.  Problem Description

* X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName.  X.400 addresses were parsed as an ASN1_STRING
but the public structure definition for GENERAL_NAME incorrectly specified
the…
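The "Corrected:" field above can be turned into a quick triage check. The following is an added example, not part of the FreeBSD advisory: the function name sa_23_03_status and its output words (patched, vulnerable, unknown) are assumptions of this example, and only the patch levels come from the advisory text.

```shell
#!/bin/sh
# Added example: classify a FreeBSD userland version string against the
# patch levels in the "Corrected:" field of FreeBSD-SA-23:03.openssl.
# Function name and result words are assumptions of this example.

# Usage: sa_23_03_status "13.1-RELEASE-p6"
# Prints one of: patched | vulnerable | unknown
sa_23_03_status() {
    ver=$1

    # Only -RELEASE versions carry a comparable patch level. -STABLE
    # branches are corrected by commit date, which the version string
    # does not reveal, so they are reported as unknown.
    case $ver in
        *-RELEASE|*-RELEASE-p*) ;;
        *) echo unknown; return 0 ;;
    esac

    branch=${ver%%-RELEASE*}                  # e.g. "13.1"
    case $ver in
        *-RELEASE-p*) plevel=${ver##*-RELEASE-p} ;;
        *)            plevel=0 ;;             # plain -RELEASE has no patches
    esac

    # Refuse anything that is not a plain decimal patch level.
    case $plevel in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # First corrected patch level per release branch, from the advisory.
    case $branch in
        13.1) fixed=7 ;;
        12.4) fixed=2 ;;
        12.3) fixed=12 ;;
        *) echo unknown; return 0 ;;          # branch not listed in the advisory
    esac

    if [ "$plevel" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}
```

On a FreeBSD host the input would normally be the output of `freebsd-version -u`, since OpenSSL is part of the userland rather than the kernel.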
