Updates CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
parent
44f206aa9d
commit
3133c2d306
2 changed files with 21 additions and 0 deletions
17
CHANGES
|
@ -11,6 +11,23 @@
|
|||
https://www.akkadia.org/drepper/SHA-crypt.txt
|
||||
[Richard Levitte]
|
||||
|
||||
Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
|
||||
|
||||
*) Fix Use After Free for large message sizes
|
||||
|
||||
The patch applied to address CVE-2016-6307 resulted in an issue where if a
|
||||
message larger than approx 16k is received then the underlying buffer to
|
||||
store the incoming message is reallocated and moved. Unfortunately a
|
||||
dangling pointer to the old location is left which results in an attempt to
|
||||
write to the previously freed location. This is likely to result in a
|
||||
crash, however it could potentially lead to execution of arbitrary code.
|
||||
|
||||
This issue only affects OpenSSL 1.1.0a.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Święcki.
|
||||
(CVE-2016-6309)
|
||||
[Matt Caswell]
|
||||
|
||||
Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
|
||||
|
||||
*) OCSP Status Request extension unbounded memory growth
|
||||
|
|
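Review bot: In the new 1.1.0b entry, the trigger is described as "a message larger than approx 16k" with no unit and no statement of which side receives the message, so a reader cannot tell from CHANGES whether clients, servers or both are exposed. Suggest giving the unit explicitly (for example "approximately 16KB") and naming the affected role. The entry also refers to "The patch applied to address CVE-2016-6307", but the 1.1.0a section visible in this hunk's context begins with the OCSP Status Request item, so saying that the patch shipped in 1.1.0a would make the cross-reference easier to follow.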
4
NEWS
|
@ -9,6 +9,10 @@
|
|||
|
||||
o
|
||||
|
||||
Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
|
||||
|
||||
o Fix Use After Free for large message sizes (CVE-2016-6309)
|
||||
|
||||
Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
|
||||
|
||||
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
|
||||
|
|
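Review bot: The added NEWS line "o Fix Use After Free for large message sizes (CVE-2016-6309)" drops the scope that the CHANGES entry states, "This issue only affects OpenSSL 1.1.0a". Since NEWS is the summary many users read first, suggest adding that scope to the line (for example "affects 1.1.0a only") so that users on other versions can judge their exposure without opening CHANGES.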