diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-19 11:36:09 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-19 11:36:09 +0000 |
commit | 556e27b14f652fa39daa1148035e22b62525df15 (patch) | |
tree | 48b7d7f9173deef46edd5d1d53e62ccc04e52972 /CHANGES | |
parent | af0c009d70ff28f6e90cc37da4b2987d5cbbbadb (diff) |
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -4,7 +4,14 @@ Changes between 0.9.8u and 0.9.8v [xx XXX xxxx] - *) + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley <agl@chromium.org> for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] Changes between 0.9.8t and 0.9.8u [12 Mar 2012] |