X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=0740ac9b43e9a9d24466c4bc03d51a1c1ffc9ab0;hb=0c37aed3f327782645d68964cd7a714df6b8880d;hp=99aeefb4c235e733fb6884297b0fea4d37ffc0cf;hpb=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index 99aeefb4c2..0740ac9b43 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,67 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1f and 1.0.1g [xx XXX xxxx] + Changes between 1.0.1h and 1.0.1i [xx XXX xxxx] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] + + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gröbert, Ivan Fratric, Steve Henson] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. 
+ [mancha ] + + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] *) Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" @@ -13,23 +73,13 @@ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) [Yuval Yarom and Naomi Benger] - *) TLS pad extension: draft-agl-tls-padding-02 + *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - To enable it use an unused extension number (for example chrome uses - 35655) using: - - e.g. -DTLSEXT_TYPE_padding=35655 - - Since the extension is ignored the actual number doesn't matter as long - as it doesn't clash with any existing extension. - - This will be updated when the extension gets an official number. - [Adam Langley, Steve Henson] Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
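Review bot: several wording slips in the newly added entries of the first hunk should be corrected before this lands. In the CVE-2014-0160 entry, "Thanks for Neel Mehta of Google Security" should read "Thanks to Neel Mehta", and the break after "Bodo Moeller for" leaves a dangling short line that should be rejoined with "preparing the fix"; in the CVE-2014-3470 entry, "where clients enable anonymous ECDH ciphersuites are subject to" needs "clients that enable" to parse. The three "[mancha ]" credits carry a stray space before the closing bracket, unlike "[Bodo Moeller]" and the other attributions, so the space should be dropped. Lastly, "(CVE-2014-0160)" is the only CVE reference in the block without a trailing period, whereas "(CVE-2014-0224)" and the others end the sentence.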
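Review bot: in the second hunk, bumping the reference to draft-agl-tls-padding-03 while deleting the paragraph beginning "To enable it use an unused extension number" (and the "-DTLSEXT_TYPE_padding=35655" example) leaves the entry silent on how the padding workaround is now enabled. The removed text promised "This will be updated when the extension gets an official number", so the replacement should state the outcome in one line: whether the extension is now active by default and whether any build-time define still applies. Otherwise readers upgrading from 1.0.1f will look for a flag the entry no longer documents. While touching this entry, the unchanged context line "would otherwise be > 255 and less that 512" should read "less than 512".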