Changes between 1.1.1f and 1.1.1g [xx XXX xxxx]
+ *) Fixed segmentation fault in SSL_check_chain()
+ Server or client applications that call the SSL_check_chain() function
+ during or after a TLS 1.3 handshake may crash due to a NULL pointer
+ dereference as a result of incorrect handling of the
+ "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+ or unrecognised signature algorithm is received from the peer. This could
+ be exploited by a malicious peer in a Denial of Service attack.
+ (CVE-2020-1967)
+ [Benjamin Kaduk]
+
*) Added AES consttime code for no-asm configurations
an optional constant time support for AES was added
when building openssl for no-asm.
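Review bot: the new CVE-2020-1967 entry names the trigger (an invalid or unrecognised algorithm in the "signature_algorithms_cert" extension, during or after a TLS 1.3 handshake) but not which releases contain the faulty handling, so someone reading CHANGES cannot tell whether an older 1.1.1 build is exposed. Consider adding a sentence that states the affected release range. Since the text scopes the crash to applications that call SSL_check_chain(), it would also help to say explicitly, if that is the intent, that applications which never call that function are not affected.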
Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [under development]
- o
+ o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
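Review bot: the added NEWS bullet says only "Fixed segmentation fault in SSL_check_chain()", which undersells what the matching CHANGES entry describes: a crash that a malicious peer can trigger as a Denial of Service. NEWS is the summary many readers use to decide on upgrade urgency, so consider carrying the severity into the one-liner, for example by mentioning that the crash is peer-triggerable in TLS 1.3. Also note that the section header still reads "[under development]", which needs the release date filled in before tagging.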