generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add CHANGES entries.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2013-02-04 20:34:26 +00:00
parent 529d27ea47
commit f1ca56a69f
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
CHANGES
View File

@ -4,6 +4,27 @@
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
*) Makes the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
at: http://www.isg.rhul.ac.uk/tls/
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
Emilia Käsper for the initial patch.
(CVE-2013-0169)
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
*) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
ciphersuites which can be exploited in a denial of service attack.
Thankd go to and to Adam Langley <agl@chromium.org> for discovering
and detecting this bug and to Wolfgang Ettlinger
<wolfgang.ettlinger@gmail.com> for independently discovering this issue.
(CVE-2012-2686)
[Adam Langley]
*) Return an error when checking OCSP signatures when key is NULL. *) Return an error when checking OCSP signatures when key is NULL.
This fixes a DoS attack. (CVE-2013-0166) This fixes a DoS attack. (CVE-2013-0166)
[Steve Henson] [Steve Henson]