Diffstat (limited to 'openssl/CHANGES')
| -rw-r--r-- | openssl/CHANGES | 128 | 
1 files changed, 127 insertions, 1 deletions
| diff --git a/openssl/CHANGES b/openssl/CHANGES index a0de5abb6..67ff293f3 100644 --- a/openssl/CHANGES +++ b/openssl/CHANGES 
@@ -2,6 +2,73 @@   OpenSSL CHANGES   _______________ + Changes between 1.0.0f and 1.0.0g [18 Jan 2012] + +  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. +     Thanks to Antonio Martin, Enterprise Secure Access Research and +     Development, Cisco Systems, Inc. for discovering this bug and +     preparing a fix. (CVE-2012-0050) +     [Antonio Martin] + + Changes between 1.0.0e and 1.0.0f [4 Jan 2012] + +  *) Nadhem Alfardan and Kenny Paterson have discovered an extension +     of the Vaudenay padding oracle attack on CBC mode encryption +     which enables an efficient plaintext recovery attack against +     the OpenSSL implementation of DTLS. Their attack exploits timing +     differences arising during decryption processing. A research +     paper describing this attack can be found at: +                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf +     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information +     Security Group at Royal Holloway, University of London +     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann +     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> +     for preparing the fix. (CVE-2011-4108) +     [Robin Seggelmann, Michael Tuexen] + +  *) Clear bytes used for block padding of SSL 3.0 records. +     (CVE-2011-4576) +     [Adam Langley (Google)] + +  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George +     Kadianakis <desnacked@gmail.com> for discovering this issue and +     Adam Langley for preparing the fix. (CVE-2011-4619) +     [Adam Langley (Google)] + +  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027) +     [Andrey Kulikov <amdeich@gmail.com>] + +  *) Prevent malformed RFC3779 data triggering an assertion failure. +     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw +     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) +     [Rob Austein <sra@hactrn.net>] + +  *) Improved PRNG seeding for VOS. 
+     [Paul Green <Paul.Green@stratus.com>] + +  *) Fix ssl_ciph.c set-up race. +     [Adam Langley (Google)] + +  *) Fix spurious failures in ecdsatest.c. +     [Emilia Käsper (Google)] + +  *) Fix the BIO_f_buffer() implementation (which was mixing different +     interpretations of the '..._len' fields). +     [Adam Langley (Google)] + +  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than +     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent +     threads won't reuse the same blinding coefficients. + +     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING +     lock to call BN_BLINDING_invert_ex, and avoids one use of +     BN_BLINDING_update for each BN_BLINDING structure (previously, +     the last update always remained unused). +     [Emilia Käsper (Google)] + +  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf. +     [Bob Buckholz (Google)] +   Changes between 1.0.0d and 1.0.0e [6 Sep 2011]    *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted 
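Review bot: the BN_BLINDING entry in the new 1.0.0f section names the same function on both sides of its contrast ("now BN_BLINDING_invert_ex (rather than BN_BLINDING_invert_ex) calls BN_BLINDING_update"), which makes the sentence say nothing; the "rather than" clause presumably means the convert half of that pair (BN_BLINDING_convert_ex, the existing counterpart to BN_BLINDING_invert_ex), so correct the name before this text is copied into release notes. The 1.0.0g entry also says the DTLS DoS was "introduced by fix for CVE-2011-4109", yet the only DTLS decryption change listed in this section is the CVE-2011-4108 padding-oracle fix and no CVE-2011-4109 entry appears here at all; the cross-reference should be verified against the advisory.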
@@ -906,8 +973,67 @@    *) Change 'Configure' script to enable Camellia by default.       [NTT] + + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] + +  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. +     Thanks to Antonio Martin, Enterprise Secure Access Research and +     Development, Cisco Systems, Inc. for discovering this bug and +     preparing a fix. (CVE-2012-0050) +     [Antonio Martin] - Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] + +  *) Nadhem Alfardan and Kenny Paterson have discovered an extension +     of the Vaudenay padding oracle attack on CBC mode encryption +     which enables an efficient plaintext recovery attack against +     the OpenSSL implementation of DTLS. Their attack exploits timing +     differences arising during decryption processing. A research +     paper describing this attack can be found at: +                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf +     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information +     Security Group at Royal Holloway, University of London +     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann +     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> +     for preparing the fix. (CVE-2011-4108) +     [Robin Seggelmann, Michael Tuexen] + +  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) +     [Ben Laurie, Kasper <ekasper@google.com>] + +  *) Clear bytes used for block padding of SSL 3.0 records. +     (CVE-2011-4576) +     [Adam Langley (Google)] + +  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George +     Kadianakis <desnacked@gmail.com> for discovering this issue and +     Adam Langley for preparing the fix. (CVE-2011-4619) +     [Adam Langley (Google)] +  +  *) Prevent malformed RFC3779 data triggering an assertion failure. 
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw +     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) +     [Rob Austein <sra@hactrn.net>] + +  *) Fix ssl_ciph.c set-up race. +     [Adam Langley (Google)] + +  *) Fix spurious failures in ecdsatest.c. +     [Emilia Käsper (Google)] + +  *) Fix the BIO_f_buffer() implementation (which was mixing different +     interpretations of the '..._len' fields). +     [Adam Langley (Google)] + +  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than +     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent +     threads won't reuse the same blinding coefficients. + +     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING +     lock to call BN_BLINDING_invert_ex, and avoids one use of +     BN_BLINDING_update for each BN_BLINDING structure (previously, +     the last update always remained unused). +     [Emilia Käsper (Google)]    *) Fix SSL memory handling for (EC)DH ciphersuites, in particular       for multi-threaded use of ECDH. | 
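Review bot: in the new 0.9.8t entry the DoS is attributed to the fix for CVE-2011-4109, but this same hunk records CVE-2011-4109 as "Stop policy check failure freeing same buffer twice", a double free unrelated to DTLS, while the DTLS decryption rework is CVE-2011-4108; one of the two references is wrong and should be reconciled before release. The BN_BLINDING paragraph duplicates the 1.0.0f typo (BN_BLINDING_invert_ex named on both sides of "rather than"), and the credit line "[Ben Laurie, Kasper <ekasper@google.com>]" is inconsistent with the "[Emilia Käsper (Google)]" form used for the same author elsewhere in this file.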
