diff options
author | Matt Caswell <matt@openssl.org> | 2017-01-24 16:34:40 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-01-26 11:01:36 +0000 |
commit | 09272c56f14bcce1ae15bd902ab395a8fc71deee (patch) | |
tree | 9fab7f37b3b583970a514fab8b1491cf7ab71b97 /CHANGES | |
parent | a59b90bf491410f1f2bc4540cc21f1980fd14c5b (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 41 |
1 files changed, 40 insertions, 1 deletions
@@ -4,7 +4,46 @@ Changes between 1.1.0c and 1.1.0d [xx XXX xxxx] - *) + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) Bad (EC)DHE parameters cause a client crash + + If a malicious server supplies bad parameters for a DHE or ECDHE key + exchange then this can result in the client attempting to dereference a + NULL pointer leading to a client crash. This could be exploited in a Denial + of Service attack. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2017-3730) + [Matt Caswell] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] Changes between 1.1.0b and 1.1.0c [10 Nov 2016] |