OpenSSL CHANGES
_______________
- Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+ Changes between 0.9.8x and 0.9.8y [xx XXX xxxx]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling@comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+ *) The fix for CVE-2012-2110 did not take into account that the
+ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+ rejecting negative len parameter. (CVE-2012-2131)
+ [Tomas Hoger <thoger@redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl@chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+ in CMS and PKCS7 code. When RSA decryption fails use a random key for
+ content decryption and always return the same error. Note: this attack
+ needs on average 2^20 messages so it only affects automated senders. The
+ old behaviour can be reenabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+ an MMA defence is not necessary.
+ Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+ this issue. (CVE-2012-0884)
+ [Steve Henson]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+
+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+ Thanks to Antonio Martin, Enterprise Secure Access Research and
+ Development, Cisco Systems, Inc. for discovering this bug and
+ preparing a fix. (CVE-2012-0050)
+ [Antonio Martin]
+
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+ of the Vaudenay padding oracle attack on CBC mode encryption
+ which enables an efficient plaintext recovery attack against
+ the OpenSSL implementation of DTLS. Their attack exploits timing
+ differences arising during decryption processing. A research
+ paper describing this attack can be found at:
+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+ <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+ for preparing the fix. (CVE-2011-4108)
+ [Robin Seggelmann, Michael Tuexen]
+
+ *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+ [Ben Laurie, Kasper <ekasper@google.com>]
+
+ *) Clear bytes used for block padding of SSL 3.0 records.
+ (CVE-2011-4576)
+ [Adam Langley (Google)]
+
+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+ Kadianakis <desnacked@gmail.com> for discovering this issue and
+ Adam Langley for preparing the fix. (CVE-2011-4619)
+ [Adam Langley (Google)]
*) Prevent malformed RFC3779 data triggering an assertion failure.
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
projects / openssl.git / blobdiff