Update CHANGES for release
Update CHANGES fiel with all the latest fixes ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
82123b5e94
commit
ffc69bd942
72
CHANGES
72
CHANGES
@ -4,6 +4,78 @@
|
||||
|
||||
Changes between 1.0.1l and 1.0.1m [xx XXX xxxx]
|
||||
|
||||
*) Segmentation fault in ASN1_TYPE_cmp fix
|
||||
|
||||
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
|
||||
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
|
||||
certificate signature algorithm consistency this can be used to crash any
|
||||
certificate verification operation and exploited in a DoS attack. Any
|
||||
application which performs certificate verification is vulnerable including
|
||||
OpenSSL clients and servers which enable client authentication.
|
||||
(CVE-2015-0286)
|
||||
[Stephen Henson]
|
||||
|
||||
*) ASN.1 structure reuse memory corruption fix
|
||||
|
||||
Reusing a structure in ASN.1 parsing may allow an attacker to cause
|
||||
memory corruption via an invalid write. Such reuse is and has been
|
||||
strongly discouraged and is believed to be rare.
|
||||
|
||||
Applications that parse structures containing CHOICE or ANY DEFINED BY
|
||||
components may be affected. Certificate parsing (d2i_X509 and related
|
||||
functions) are however not affected. OpenSSL clients and servers are
|
||||
not affected.
|
||||
(CVE-2015-0287)
|
||||
[Stephen Henson]
|
||||
|
||||
*) PKCS7 NULL pointer dereferences fix
|
||||
|
||||
The PKCS#7 parsing code does not handle missing outer ContentInfo
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
|
||||
missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
|
||||
otherwise parse PKCS#7 structures from untrusted sources are
|
||||
affected. OpenSSL clients and servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-0289)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) DoS via reachable assert in SSLv2 servers fix
|
||||
|
||||
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
|
||||
servers that both support SSLv2 and enable export cipher suites by sending
|
||||
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
|
||||
|
||||
This issue was discovered by Sean Burford (Google) and Emilia Käsper
|
||||
(OpenSSL development team).
|
||||
(CVE-2015-0293)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) Use After Free following d2i_ECPrivatekey error fix
|
||||
|
||||
A malformed EC private key file consumed via the d2i_ECPrivateKey function
|
||||
could cause a use after free condition. This, in turn, could cause a double
|
||||
free in several private key parsing functions (such as d2i_PrivateKey
|
||||
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
|
||||
for applications that receive EC private keys from untrusted
|
||||
sources. This scenario is considered rare.
|
||||
|
||||
This issue was discovered by the BoringSSL project and fixed in their
|
||||
commit 517073cd4b.
|
||||
(CVE-2015-0209)
|
||||
[Matt Caswell]
|
||||
|
||||
*) X509_to_X509_REQ NULL pointer deref fix
|
||||
|
||||
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
|
||||
the certificate key is invalid. This function is rarely used in practice.
|
||||
|
||||
This issue was discovered by Brian Carpenter.
|
||||
(CVE-2015-0288)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Removed the export ciphers from the DEFAULT ciphers
|
||||
[Kurt Roeckx]
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user