From: Matt Caswell Date: Mon, 26 Sep 2016 08:43:45 +0000 (+0100) Subject: Updates CHANGES and NEWS for new release X-Git-Tag: OpenSSL_1_1_0b~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=87cd6f9253580866b13729d33fdd45205485b675;p=oweals%2Fopenssl.git Updates CHANGES and NEWS for new release Reviewed-by: Richard Levitte --- diff --git a/CHANGES b/CHANGES index 76b4974145..9b34c3a0af 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,20 @@ Changes between 1.1.0a and 1.1.0b [xx XXX xxxx] - *) + *) Fix Use After Free for large message sizes + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to + store the incoming message is reallocated and moved. Unfortunately a + dangling pointer to the old location is left which results in an attempt to + write to the previously freed location. This is likely to result in a + crash, however it could potentially lead to execution of arbitrary code. + + This issue only affects OpenSSL 1.1.0a. + + This issue was reported to OpenSSL by Robert Święcki. + (CVE-2016-6309) + [Matt Caswell] Changes between 1.1.0 and 1.1.0a [22 Sep 2016] diff --git a/NEWS b/NEWS index 66bade1e1e..fb26f42dfa 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [under development] - o + o Fix Use After Free for large message sizes (CVE-2016-6309) Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
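Review bot: In the CHANGES hunk, the new entry explains the use after free but gives a 1.1.0a user no action to take. Consider following "This issue only affects OpenSSL 1.1.0a." with an explicit statement that 1.1.0a users should move to 1.1.0b. "Larger than approx 16k" is also loose for a security entry: if the exact size at which the buffer is reallocated is known, state it, and say which kind of incoming message is meant so readers can judge their exposure.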
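Review bot: In the NEWS hunk, the section header above the new bullet still reads "[under development]" even though the subject says this update is for the new release. The matching CHANGES header likewise still shows the "[xx XXX xxxx]" placeholder. Confirm that a later release-preparation step fills in the date, or set it in this change so the CVE-2016-6309 entry ships under a dated heading.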