Update CHANGES and NEWS
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
7bc2aee4f1
commit
ab17f6b746
2 changed files with 71 additions and 1 deletions
66
CHANGES
66
CHANGES
|
@ -4,6 +4,72 @@
|
|||
|
||||
Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
|
||||
|
||||
*) Malformed ECParameters causes infinite loop
|
||||
|
||||
When processing an ECParameters structure OpenSSL enters an infinite loop
|
||||
if the curve specified is over a specially malformed binary polynomial
|
||||
field.
|
||||
|
||||
This can be used to perform denial of service against any
|
||||
system which processes public keys, certificate requests or
|
||||
certificates. This includes TLS clients and TLS servers with
|
||||
client authentication enabled.
|
||||
|
||||
This issue was reported to OpenSSL by Joseph Barr-Pixton.
|
||||
(CVE-2015-1788)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Exploitable out-of-bounds read in X509_cmp_time
|
||||
|
||||
X509_cmp_time does not properly check the length of the ASN1_TIME
|
||||
string and can read a few bytes out of bounds. In addition,
|
||||
X509_cmp_time accepts an arbitrary number of fractional seconds in the
|
||||
time string.
|
||||
|
||||
An attacker can use this to craft malformed certificates and CRLs of
|
||||
various sizes and potentially cause a segmentation fault, resulting in
|
||||
a DoS on applications that verify certificates or CRLs. TLS clients
|
||||
that verify CRLs are affected. TLS clients and servers with client
|
||||
authentication enabled may be affected if they use custom verification
|
||||
callbacks.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Swiecki (Google), and
|
||||
independently by Hanno Böck.
|
||||
(CVE-2015-1789)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) PKCS7 crash with missing EnvelopedContent
|
||||
|
||||
The PKCS#7 parsing code does not handle missing inner EncryptedContent
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
|
||||
with missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
|
||||
structures from untrusted sources are affected. OpenSSL clients and
|
||||
servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-1790)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) CMS verify infinite loop with unknown hash function
|
||||
|
||||
When verifying a signedData message the CMS code can enter an infinite loop
|
||||
if presented with an unknown hash function OID. This can be used to perform
|
||||
denial of service against any system which verifies signedData messages using
|
||||
the CMS code.
|
||||
This issue was reported to OpenSSL by Johannes Bauer.
|
||||
(CVE-2015-1792)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Race condition handling NewSessionTicket
|
||||
|
||||
If a NewSessionTicket is received by a multi-threaded client when attempting to
|
||||
reuse a previous ticket then a race condition can occur potentially leading to
|
||||
a double free of the ticket data.
|
||||
(CVE-2015-1791)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Removed support for the two export grade static DH ciphersuites
|
||||
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
|
||||
were newly added (along with a number of other static DH ciphersuites) to
|
||||
|
|
6
NEWS
6
NEWS
|
@ -7,7 +7,11 @@
|
|||
|
||||
Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [under development]
|
||||
|
||||
o
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
|
||||
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
|
||||
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
|
||||
o Race condition handling NewSessionTicket (CVE-2015-1791)
|
||||
|
||||
Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
|
||||
|
||||
|
|
Loading…
Reference in a new issue