BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Security Advisory FreeBSD-SA-14:18.openssl

=============================================================================
FreeBSD-SA-14:18.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-09-09
Affects:        All supported versions of FreeBSD.
Corrected:      2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)
                2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)
                2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)
                2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)
                2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)
                2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)
                2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)
                2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)
CVE Name:       CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,
                CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II.  Problem Description

The receipt of a specifically crafted DTLS handshake message may cause
OpenSSL to consume large amounts of memory. [CVE-2014-3506]

The receipt of a specifically crafted DTLS packet could cause OpenSSL to
leak memory. [CVE-2014-3507]

A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]

The following problems affect FreeBSD 10.0-RELEASE and later:

If a multithreaded client connects to a malicious server using a resumed
session and the server sends an ec point format extension it could write
up to 255 bytes to freed memory. [CVE-2014-3509]

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message
is badly fragmented. [CVE-2014-3511]

A malicious client or server can send invalid SRP parameters and overrun
an internal buffer. [CVE-2014-3512]

A malicious server can crash the client with a NULL pointer dereference by
specifying an SRP ciphersuite even though it was not properly negotiated
with the client. [CVE-2014-5139]

III. Impact

A remote attacker may be able to cause a denial of service (application
crash, large memory consumption), obtain additional information, or
cause a protocol downgrade.  Additionally, a remote attacker may be able
to run arbitrary code on a vulnerable system if the application has been
set up for SRP.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc

[FreeBSD 9.2, 9.1, 8.4]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
# gpg --verify openssl-9.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r269687
releng/8.4/                                                       r271305
stable/9/                                                         r269687
releng/9.1/                                                       r271305
releng/9.2/                                                       r271305
releng/9.3/                                                       r271305
stable/10/                                                        r269686
releng/10.0/                                                      r271304
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://www.openssl.org/news/secadv_20140806.txt>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139>

The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:18.openssl.asc>
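
The patch levels in the advisory's "Corrected" field can be compared with the version string a host reports. The sh script below is an added example, not part of the advisory: the function names and status words are its own, the sample version strings are constructed, and it assumes releng patch levels are cumulative.

```shell
#!/bin/sh
# Added example: classify a FreeBSD version string against the
# "Corrected" patch levels listed in FreeBSD-SA-14:18.openssl.

# Minimum corrected patch level per release branch (from the advisory).
sa1418_min_patch() {
    case "$1" in
        10.0) echo 8 ;;
        9.3)  echo 1 ;;
        9.2)  echo 11 ;;
        9.1)  echo 18 ;;
        8.4)  echo 15 ;;
        *)    return 1 ;;
    esac
}

# Usage: sa1418_status "10.0-RELEASE-p7"
# Prints: patched | vulnerable | check-revision | unlisted | unparsed
sa1418_status() {
    ver=$1
    release=${ver%%-*}      # e.g. "10.0"
    rest=${ver#*-}          # e.g. "RELEASE-p7", "RELEASE", "STABLE"

    case "$rest" in
        RELEASE)    plevel=0 ;;
        RELEASE-p*) plevel=${rest#RELEASE-p} ;;
        STABLE)
            # A -STABLE string carries no patch level; compare the tree's
            # revision with the "Correction details" table instead.
            echo check-revision; return 0 ;;
        *)  echo unparsed; return 0 ;;
    esac

    # Reject an empty or non-numeric patch level.
    case "$plevel" in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac

    # Releases the advisory does not list cannot be judged from it.
    min=$(sa1418_min_patch "$release") || { echo unlisted; return 0; }

    if [ "$plevel" -ge "$min" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample inputs.
for v in 10.0-RELEASE-p7 10.0-RELEASE-p8 9.3-RELEASE 9.2-RELEASE-p11 \
         8.4-RELEASE-p14 9.3-STABLE 10.1-RELEASE; do
    printf '%-18s %s\n' "$v" "$(sa1418_status "$v")"
done

# On a host that has freebsd-version(1), report the userland version,
# since OpenSSL lives in userland rather than the kernel.
if command -v freebsd-version >/dev/null 2>&1; then
    host=$(freebsd-version -u)
    printf '%-18s %s\n' "$host" "$(sa1418_status "$host")"
fi
```
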