author | Dr. Stephen Henson <steve@openssl.org> | 2012-04-19 12:13:59 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-04-19 12:13:59 +0000 |
commit | 8d5505d099973a06781b7e0e5b65861859a7d994 | |
tree | 58ae378a68521b231c4195d734f5cefe49785da5 /CHANGES | |
parent | d36e0ee460f41d6b64015455c4f5414a319865c3 | |
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -4,6 +4,15 @@ Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley <agl@chromium.org> for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. [Adam Langley] |
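Review bot: The first added line lists the affected functions as "asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean" with no comma after asn1_d2i_read_bio, so it reads as though the first two names were one item; write "asn1_d2i_read_bio, BUF_mem_grow and BUF_mem_grow_clean". The second sentence, "Refuse attempts to shrink buffer in CRYPTO_realloc_clean", is a behaviour change that callers can observe, but the entry does not say what a caller gets when the request is refused; one clause stating the result would let downstream users audit their own calls. The entry also does not say what kind of overflow is being checked or which inputs reach it, which is what someone reading CHANGES to decide how urgently to upgrade needs alongside the CVE number. Minor: the credit appears twice, once in the "Thanks to" sentence and again in the bracketed attribution, while the neighbouring entry uses only the bracket form.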