X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=CHANGES;h=1c5c288af8df709bef4a5d6a68414c9136ed3814;hb=c4bfccfff85cea4dd16d701868e0efa9d80384cc;hp=15c927720c51e42dab9fd990fcddc1abb8af2923;hpb=19e1de548eff0b08ba2878b3258aaceead32977b;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index 15c927720c..1c5c288af8 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,41 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2j and 1.0.2k [xx XXX xxxx] + Changes between 1.0.2k and 1.0.2l [xx XXX xxxx] + + *) + + Changes between 1.0.2j and 1.0.2k [26 Jan 2017] + + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] *) Montgomery multiplication may produce incorrect results