git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Prepare for 0.9.8zf release
Commit Line Data
81a6c781 1
f1c236f8 2 OpenSSL CHANGES
651d0aff 3 _______________
4
db8334be 5 Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
ba442a7e 6
d53f9203 7 *) Segmentation fault in ASN1_TYPE_cmp fix
8
9 The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
10 made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
11 certificate signature algorithm consistency this can be used to crash any
12 certificate verification operation and exploited in a DoS attack. Any
13 application which performs certificate verification is vulnerable including
14 OpenSSL clients and servers which enable client authentication.
15 (CVE-2015-0286)
16 [Stephen Henson]
17
18 *) ASN.1 structure reuse memory corruption fix
19
20 Reusing a structure in ASN.1 parsing may allow an attacker to cause
21 memory corruption via an invalid write. Such reuse is and has been
22 strongly discouraged and is believed to be rare.
23
24 Applications that parse structures containing CHOICE or ANY DEFINED BY
25 components may be affected. Certificate parsing (d2i_X509 and related
26 functions) is however not affected. OpenSSL clients and servers are
27 not affected.
28 (CVE-2015-0287)
29 [Stephen Henson]
30
31 *) PKCS7 NULL pointer dereferences fix
32
33 The PKCS#7 parsing code does not handle missing outer ContentInfo
34 correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
35 missing content and trigger a NULL pointer dereference on parsing.
36
37 Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
38 otherwise parse PKCS#7 structures from untrusted sources are
39 affected. OpenSSL clients and servers are not affected.
40
41 This issue was reported to OpenSSL by Michal Zalewski (Google).
42 (CVE-2015-0289)
43