diff options
author | Matt Caswell <matt@openssl.org> | 2017-01-24 16:44:30 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-01-26 11:00:28 +0000 |
commit | 536454e53bd8ae6a9025e47a7706fa42d9dbfc2f (patch) | |
tree | 9ed06b0860eec5eac2a0cc82d29682c2791b5dc6 /CHANGES | |
parent | 3f4bcf5bb664b47ed369a70b99fac4e0ad141bb3 (diff) |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 45 |
1 files changed, 44 insertions, 1 deletions
@@ -21,7 +21,50 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] - Changes between 1.1.0b and 1.1.0c [xx XXX xxxx] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] + + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) Bad (EC)DHE parameters cause a client crash + + If a malicious server supplies bad parameters for a DHE or ECDHE key + exchange then this can result in the client attempting to dereference a + NULL pointer leading to a client crash. This could be exploited in a Denial + of Service attack. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2017-3730) + [Matt Caswell] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] + + Changes between 1.1.0b and 1.1.0c [10 Nov 2016] *) ChaCha20/Poly1305 heap-buffer-overflow |