diff options
| author | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
|---|---|---|
| committer | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
| commit | 951dfbb13a79bff82cef8096d2c93bc2d65a7525 (patch) | |
| tree | abc7f989e18378c7c06a5eecf6f23257fb42f53a /CHANGES | |
| parent | 81780a3b6290836f3ef64eafe7143e892e7fa5cc (diff) | |
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -4,6 +4,20 @@ Changes between 0.9.8c and 0.9.8d [xx XXX xxxx] + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites match only those. Before that, "AES256-SHA" would be interpreted as a pattern and match "AES128-SHA" too (since AES128-SHA got |