From: Matt Caswell
Date: Tue, 24 Jan 2017 16:34:40 +0000 (+0000)
Subject: Update CHANGES and NEWS for new release
X-Git-Tag: OpenSSL_1_0_2k~1
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=06f87e9685bb2faa033f682aa66b70059e398f71;p=oweals%2Fopenssl.git

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte
---

diff --git a/CHANGES b/CHANGES index 15c927720c..17a84726b8 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,6 +4,36 @@ Changes between 1.0.2j and 1.0.2k [xx XXX xxxx] + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert Święcki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] + *) Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery diff --git a/NEWS b/NEWS index efd2dbf0bd..23db08e481 100644 --- a/NEWS +++ b/NEWS 
@@ -7,6 +7,8 @@ Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development] + o Truncated packet could crash via OOB read (CVE-2017-3731) + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) o Montgomery multiplication may produce incorrect results (CVE-2016-7055) Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
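Review bot: In the CHANGES hunk, the CVE-2017-3731 entry says the out-of-bounds read requires "a specific cipher" but never names it, so an operator cannot tell from this text whether the ciphersuites they have enabled are exposed. Name the affected cipher or ciphers in that sentence, next to the 32-bit host condition. The CVE-2017-3732 entry in the same hunk already spells out its preconditions (persistent DH parameters, a private key shared between multiple clients), and the first entry should be equally actionable.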
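Review bot: In the NEWS hunk, the new CVE-2017-3731 line reads as an unconditional crash, while the CHANGES entry in this same patch limits the issue to a 32-bit host with a specific cipher in use. Consider carrying the qualifier into the NEWS line, for example "Truncated packet could crash via OOB read on 32-bit hosts (CVE-2017-3731)", so that people triaging from NEWS alone can scope the issue correctly.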