author | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
commit | c30d5eefc96925b4bef781806c7a0114eca1b8e0 (patch) | |
tree | 420bb99ba463e5df728e71214ea6aaed0ad18fcb /openssl/CHANGES | |
parent | d435b20322433b335a4fc5693cce0399a3f27b2d (diff) | |
download | vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.gz vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.bz2 vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.zip |
Updated to openssl-1.0.1h
xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014
xserver commit a3b44ad8db1fa2f3b81c1ff9498f31c5323edd37
libxcb commit 125135452a554e89e49448e2c1ee6658324e1095
libxcb/xcb-proto commit 84bfd909bc3774a459b11614cfebeaa584a1eb38
xkeyboard-config commit 39a226707b133ab5540c2d30176cb3857e74dcca
libX11 commit a4679baaa18142576d42d423afe816447f08336c
fontconfig commit 274f2181f294af2eff3e8db106ec8d7bab2d3ff1
mesa commit 9a8acafa47558cafeb37f80f4b30061ac1962c69
Diffstat (limited to 'openssl/CHANGES')
-rw-r--r-- | openssl/CHANGES | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/openssl/CHANGES b/openssl/CHANGES index 4fcfd1d4b..d161ecaf2 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES @@ -2,6 +2,50 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + + Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and + researching this issue. (CVE-2014-0224) + [KIKUCHI Masashi, Steve Henson] + + *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + (CVE-2014-0221) + [Imre Rad, Steve Henson] + + *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can + be triggered by sending invalid DTLS fragments to an OpenSSL DTLS + client or server. This is potentially exploitable to run arbitrary + code on a vulnerable client or server. + + Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) + [Jüri Aedla, Steve Henson] + + *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites + are subject to a denial of service attack. + + Thanks to Felix Gröbert and Ivan Fratric at Google for discovering + this issue. (CVE-2014-3470) + [Felix Gröbert, Ivan Fratric, Steve Henson] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha <mancha1@zoho.com>] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha <mancha1@zoho.com>] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha <mancha1@zoho.com>] + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] *) A missing bounds check in the handling of the TLS heartbeat extension |
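Review bot: The commit message should name the security fixes that the new "Changes between 1.0.1g and 1.0.1h" section at the top of this hunk records. Four of its seven entries are CVE fixes (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470), and the CVE-2014-0195 entry describes a buffer overrun that is potentially exploitable to run arbitrary code, yet the message says only that OpenSSL was updated to 1.0.1h and bundles that with git updates of xserver, libxcb, mesa and other components. Suggest listing the CVE identifiers in the message and landing the OpenSSL update as its own commit, so the security fix can be found in the log and backported without the unrelated component updates. The CHANGES text itself reads as imported from the OpenSSL release, so it is better left verbatim, including the "clients enable anonymous ECDH ciphersuites are subject to" sentence, to keep future diffs against the OpenSSL tree clean.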