projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8db3f4a) | patch
Introduce limits to prevent malicious keys being able to
authorMark J. Cox <mark@openssl.org>
Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)
committerMark J. Cox <mark@openssl.org>
Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)
commitb213966415c35bafba6876127eecc9157077f81e
tree7d7d9bda84234956e025ef08113b047bd9985093tree | snapshot
parent8db3f4ace9bd7fa147c52f31d4c964630ea1a727commit | diff
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
15 files changed:
CHANGES diff | blob | history
NEWS diff | blob | history
crypto/asn1/tasn_dec.c diff | blob | history
crypto/dh/dh.h diff | blob | history
crypto/dh/dh_err.c diff | blob | history
crypto/dh/dh_key.c diff | blob | history
crypto/dsa/dsa.h diff | blob | history
crypto/dsa/dsa_err.c diff | blob | history
crypto/dsa/dsa_ossl.c diff | blob | history
crypto/rsa/rsa.h diff | blob | history
crypto/rsa/rsa_eay.c diff | blob | history
crypto/rsa/rsa_err.c diff | blob | history
ssl/s2_clnt.c diff | blob | history
ssl/s3_srvr.c diff | blob | history
ssl/ssl_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.