HomeFreeBSD

Update to OpenSSL 3.0.14

Description

Update to OpenSSL 3.0.14

This release resolves 3 upstream found CVEs:

  • Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)
  • Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)
  • Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)

MFC after: 3 days
Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'

Details

Provenance
ngieAuthored on Jun 26 2024, 11:50 PM
Parents
rG8c5c57212566: LinuxKPI: Add DEFINE_DEBUGFS_ATTRIBUTE_SIGNED to linux/debugfs.h
rG1070e7dca822: Import OpenSSL 3.0.14
Branches
Unknown
Tags
Unknown