author Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:52:26 +0000
committer Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:52:26 +0000
commit e7455724938818eac8bef43f535d148dd4670d06
tree 6a3651bc4496c46030a2128d8aff3009a9b3647f
parent 27dfffd5b75ee1db114e32f6dc73e266513889c5
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 14
1 files changed, 14 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 176b649453..6fd53f3240 100644
--- a/CHANGES
+++ b/CHANGES
@@ -523,6 +523,20 @@
Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+ of the Vaudenay padding oracle attack on CBC mode encryption
+ which enables an efficient plaintext recovery attack against
+ the OpenSSL implementation of DTLS. Their attack exploits timing
+ differences arising during decryption processing. A research
+ paper describing this attack can be found at:
+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+ <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+ for preparing the fix. (CVE-2011-4108)
+ [Robin Seggelmann, Michael Tuexen]
+
*) Clear bytes used for block padding of SSL 3.0 records.
(CVE-2011-4576)
[Adam Langley (Google)]
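Review bot: The CVE-2011-4108 entry added under "Changes between 1.0.0e and 1.0.0f" does not say what the fix changes. It describes the attack ("exploits timing differences arising during decryption processing") and credits the reporters and patch authors, but a reader of CHANGES cannot tell which DTLS behaviour differs after this release or whether applications need to do anything beyond upgrading. Add one sentence after the paper reference summarising what was changed in DTLS decryption processing. A smaller point on the same entry: the paper is cited only as a bare URL under a personal path (http://www.isg.rhul.ac.uk/~kp/dtls.pdf), so including the paper's title would keep the reference findable if the link moves.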