diff options
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index b5bea316f6..0cdb480dcb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,26 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.12 and 3.0.13 [xx XXX xxxx] + * The POLY1305 MAC (message authentication code) implementation in OpenSSL + for PowerPC CPUs saves the contents of vector registers in different + order than they are restored. Thus the contents of some of these vector + registers is corrupted when returning to the caller. The vulnerable code is + used only on newer PowerPC processors supporting the PowerISA 2.07 + instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However unless the compiler uses the vector registers + for storing pointers, the most likely consequence, if any, would be an + incorrect result of some application dependent calculations or a crash + leading to a denial of service. + + ([CVE-2023-6129]) + + *Rohan McLure* + * Fix excessive time spent in DH check / generation with large Q parameter value. @@ -19756,6 +19776,7 @@ ndif <!-- Links --> +[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 |