author | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
commit | 951dfbb13a79bff82cef8096d2c93bc2d65a7525 (patch) | |
tree | abc7f989e18378c7c06a5eecf6f23257fb42f53a /NEWS | |
parent | 81780a3b6290836f3ef64eafe7143e892e7fa5cc (diff) |
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d: + + o Introduce limits to prevent malicious key DoS (CVE-2006-2940) + o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) + o Changes to ciphersuite selection algorithm + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 |
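Review bot: The second added bullet cites CVE-2006-3737, but the commit message assigns the SSL_get_shared_ciphers() buffer overflow fix to CVE-2006-3738; the two should agree, so please correct whichever identifier is the typo, since readers use NEWS to check whether a release covers a given CVE. The new heading reads "Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d", while the heading directly below it covers 0.9.8b to 0.9.8c, so the range here looks like it should start at 0.9.8c. The "Changes to ciphersuite selection algorithm" bullet has no counterpart in the commit message; consider mentioning it there or pointing to the matching CHANGES entry.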