diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-02-04 20:34:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-04 20:37:46 +0000 |
commit | f1ca56a69f0d1fea7de8e2d141e327e6b4319d32 (patch) | |
tree | 11234d30b1be78b97e92926576535faaf6d1f59a /CHANGES | |
parent | 529d27ea472fc2c7ba9190a15a58cb84012d4ec6 (diff) |
Add CHANGES entries.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -4,6 +4,27 @@ Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] + *) Makes the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode + ciphersuites which can be exploited in a denial of service attack. + Thankd go to and to Adam Langley <agl@chromium.org> for discovering + and detecting this bug and to Wolfgang Ettlinger + <wolfgang.ettlinger@gmail.com> for independently discovering this issue. + (CVE-2012-2686) + [Adam Langley] + *) Return an error when checking OCSP signatures when key is NULL. This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] |