| Commit | Line | Data |
|---|---|---|
| 81a6c781 | 1 | |
| f1c236f8 | 2 | OpenSSL CHANGES |
| 651d0aff RE | 3 | _______________ |
| | 4 | |
| 79cc5417 MC | 5 | Changes between 0.9.8zf and 0.9.8zg [xx XXX xxxx] |
| | 6 | |
| | 7 | *) |
| | 8 | |
| db8334be | 9 | Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015] |
| ba442a7e | 10 | |
| d53f9203 MC | 11 | *) Segmentation fault in ASN1_TYPE_cmp fix |
| | 12 | |
| | 13 | The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is |
| | 14 | made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check |
| | 15 | certificate signature algorithm consistency this can be used to crash any |
| | 16 | certificate verification operation and exploited in a DoS attack. Any |
| | 17 | application which performs certificate verification is vulnerable including |
| | 18 | OpenSSL clients and servers which enable client authentication. |
| | 19 | (CVE-2015-0286) |
| | 20 | [Stephen Henson] |
| | 21 | |
| | 22 | *) ASN.1 structure reuse memory corruption fix |
| | 23 | |
| | 24 | Reusing a structure in ASN.1 parsing may allow an attacker to cause |
| | 25 | memory corruption via an invalid write. Such reuse is and has been |
| | 26 | strongly discouraged and is believed to be rare. |
| | 27 | |
| | 28 | Applications that parse structures containing CHOICE or ANY DEFINED BY |
| | 29 | components may be affected. Certificate parsing (d2i_X509 and related |
| | 30 | functions) are however not affected. OpenSSL clients and servers are |
| | 31 | not affected. |
| | 32 | (CVE-2015-0287) |
| | 33 | [Stephen Henson] |
| | 34 | |
| | 35 | *) PKCS7 NULL pointer dereferences fix |
| | 36 | |
| | 37 | The PKCS#7 parsing code does not handle missing outer ContentInfo |
| | 38 | correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with |
| | 39 | missing content and trigger a NULL pointer dereference on parsing. |
| | 40 | |
| | 41 | Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or |
| | 42 | otherwise parse PKCS#7 structures from untrusted sources are |
| | 43 | affected. OpenSSL clients and servers are not affected. |
| | 44 | |
| | 45 | This issue was reported to OpenSSL by Michal Zalewski (Google). |
| | 46 | (CVE-2015-0289) |
| | 47 | |