wolfssl -- leakage of private key information 3.6.8

Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions.

 https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ CVE-2015-7744 2015-09-17 2016-01-05 wolfssl -- DDoS amplification in DTLS wolfssl 3.6.8

Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself.

 https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html https://github.com/IAIK/wolfSSL-DoS CVE-2015-6925 2015-09-18 2016-01-05