]>
Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
2a8c2799 | 5 | Changes between 1.0.1n and 1.0.1o [12 Jun 2015] |
3adca975 | 6 | |
2ad310ff MC |
7 | *) Fix HMAC ABI incompatibility. The previous version introduced an ABI |
8 | incompatibility in the handling of HMAC. The previous ABI has now been | |
9 | restored. | |
3adca975 | 10 | |
517899e6 | 11 | Changes between 1.0.1m and 1.0.1n [11 Jun 2015] |
a6a704f4 | 12 | |
1f31458a MC |
13 | *) Malformed ECParameters causes infinite loop |
14 | ||
15 | When processing an ECParameters structure OpenSSL enters an infinite loop | |
16 | if the curve specified is over a specially malformed binary polynomial | |
17 | field. | |
18 | ||
19 | This can be used to perform denial of service against any | |
20 | system which processes public keys, certificate requests or | |
21 | certificates. This includes TLS clients and TLS servers with | |
22 | client authentication enabled. | |
23 | ||
24 | This issue was reported to OpenSSL by Joseph Barr-Pixton. | |
25 | (CVE-2015-1788) | |
26 | [Andy Polyakov] | |
27 | ||
28 | *) Exploitable out-of-bounds read in X509_cmp_time | |
29 | ||
30 | X509_cmp_time does not properly check the length of the ASN1_TIME | |
31 | string and can read a few bytes out of bounds. In addition, | |
32 | X509_cmp_time accepts an arbitrary number of fractional seconds in the | |
33 | time string. | |
34 | ||
35 | An attacker can use this to craft malformed certificates and CRLs of | |
36 | various sizes and potentially cause a segmentation fault, resulting in | |
37 | a DoS on applications that verify certificates or CRLs. TLS clients | |
38 | that verify CRLs are affected. TLS clients and servers with client | |
39 | authentication enabled may be affected if they use custom verification | |
40 | callbacks. | |
41 | ||
42 | This issue was reported to OpenSSL by Robert Swiecki (Google), and | |
43 |