summaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2010-03-24 13:16:42 +0000
committerDr. Stephen Henson <steve@openssl.org>2010-03-24 13:16:42 +0000
commit354f92d66ad9b0aa83bb0eb6e6faf6c9bbab13d0 (patch)
treedb110b03b021a0646be5410817c6bc4c6f6018eb /CHANGES
parentc3484e0268cfa7b7c6db81e01fc0f837bf375e52 (diff)
Submitted by: Bodo Moeller and Adam Langley (Google).
Fix for "Record of death" vulnerability CVE-2010-0740.
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES11
1 files changed, 10 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index ce053771e3..b350da79f6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,16 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+ *) When rejecting SSL/TLS records due to an incorrect version number, never
+ update s->server with a new major version number. As of
+ - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+ - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+ the previous behavior could result in a read attempt at NULL when
+ receiving specific incorrect SSL/TLS records once record payload
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 23:34:00 +0000