Sunday, September 10, 2006

OpenBSD 3.9 Errata 011

The OpenBSD team has released another patch for OpenBSD 3.9:

Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for an attacker to construct an invalid signature which OpenSSL would accept as a valid PKCS#1 v1.5 signature. CVE-2006-4339

As always, I've created a binpatch.