diff options
| -rw-r--r-- | CHANGES | 56 | ||||
| -rw-r--r-- | NEWS | 8 |
2 files changed, 63 insertions, 1 deletions
@@ -4,6 +4,52 @@ Changes between 1.0.2d and 1.0.2e [xx XXX xxxx] + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno Böck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, though the change is mostly in the more lenient direction, and @@ -27,8 +73,18 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI @@ -7,11 +7,17 @@ Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [under development] - o + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] |