[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 0.9.8zf and 0.9.8zg [xx XXX xxxx]

  *)

 Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]

  *) Segmentation fault in ASN1_TYPE_cmp fix

     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
     certificate signature algorithm consistency this can be used to crash any
     certificate verification operation and exploited in a DoS attack. Any
     application which performs certificate verification is vulnerable including
     OpenSSL clients and servers which enable client authentication.
     (CVE-2015-0286)
     [Stephen Henson]

  *) ASN.1 structure reuse memory corruption fix

     Reusing a structure in ASN.1 parsing may allow an attacker to cause
     memory corruption via an invalid write. Such reuse is and has been
     strongly discouraged and is believed to be rare.

     Applications that parse structures containing CHOICE or ANY DEFINED BY
     components may be affected. Certificate parsing (d2i_X509 and related
     functions) are however not affected. OpenSSL clients and servers are
     not affected.
     (CVE-2015-0287)
     [Stephen Henson]

  *) PKCS7 NULL pointer dereferences fix

     The PKCS#7 parsing code does not handle missing outer ContentInfo
     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
     missing content and trigger a NULL pointer dereference on parsing.

     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
     otherwise parse PKCS#7 structures from untrusted sources are
     affected. OpenSSL clients and servers are not affected.

     This issue was reported to OpenSSL by Michal Zalewski (Google).
     (CVE-2015-0289)
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
79cc5417 MC	5	Changes between 0.9.8zf and 0.9.8zg [xx XXX xxxx]
	6
	7	*)
	8
db8334be	9	Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
ba442a7e	10
d53f9203 MC	11	*) Segmentation fault in ASN1_TYPE_cmp fix
	12
	13	The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
	14	made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
	15	certificate signature algorithm consistency this can be used to crash any
	16	certificate verification operation and exploited in a DoS attack. Any
	17	application which performs certificate verification is vulnerable including
	18	OpenSSL clients and servers which enable client authentication.
	19	(CVE-2015-0286)
	20	[Stephen Henson]
	21
	22	*) ASN.1 structure reuse memory corruption fix
	23
	24	Reusing a structure in ASN.1 parsing may allow an attacker to cause
	25	memory corruption via an invalid write. Such reuse is and has been
	26	strongly discouraged and is believed to be rare.
	27
	28	Applications that parse structures containing CHOICE or ANY DEFINED BY
	29	components may be affected. Certificate parsing (d2i_X509 and related
	30	functions) are however not affected. OpenSSL clients and servers are
	31	not affected.
	32	(CVE-2015-0287)
	33	[Stephen Henson]
	34
	35	*) PKCS7 NULL pointer dereferences fix
	36
	37	The PKCS#7 parsing code does not handle missing outer ContentInfo
	38	correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
	39	missing content and trigger a NULL pointer dereference on parsing.
	40
	41	Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
	42	otherwise parse PKCS#7 structures from untrusted sources are
	43	affected. OpenSSL clients and servers are not affected.
	44
	45	This issue was reported to OpenSSL by Michal Zalewski (Google).
	46	(CVE-2015-0289)
	47