projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE |
3 | _______________ |
| 4 | ||
| 204fb36a MC |
5 | Changes between 1.0.1i and 1.0.1j [xx XXX xxxx] |
| 6 | ||
| 7 | *) | |
| 8 | ||
| 2b456034 | 9 | Changes between 1.0.1h and 1.0.1i [6 Aug 2014] |
| 049615e3 | 10 | |
| abbd5855 DSH |
11 | *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the |
| 12 | SRP code can be overrun an internal buffer. Add sanity check that | |
| 13 | g, A, B < N to SRP code. | |
| 14 | ||
| 15 | Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC | |
| 16 | Group for discovering this issue. | |
| 17 | (CVE-2014-3512) | |
| 18 | [Steve Henson] | |
| 19 | ||
| 20 | *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate | |
| 21 | TLS 1.0 instead of higher protocol versions when the ClientHello message | |
| 22 | is badly fragmented. This allows a man-in-the-middle attacker to force a | |
| 23 | downgrade to TLS 1.0 even if both the server and the client support a | |
| 24 | higher protocol version, by modifying the client's TLS records. | |
| 25 | ||
| 26 | Thanks to David Benjamin and Adam Langley (Google) for discovering and | |
| 27 | researching this issue. | |
| 28 | (CVE-2014-3511) | |
| 29 | [David Benjamin] | |
| 30 | ||
| 31 | *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject | |
| 32 | to a denial of service attack. A malicious server can crash the client | |
| 33 | with a null pointer dereference (read) by specifying an anonymous (EC)DH | |
| 34 | ciphersuite and sending carefully crafted handshake messages. | |
| 35 | ||
| 36 |