From: Eugene Syromiatnikov Date: Tue, 10 Mar 2026 10:41:18 +0000 (+0100) Subject: CHANGES.md, NEWS.md: picking up changes from 3.6.1 X-Git-Tag: openssl-4.0.0-alpha1~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8f235186544809bcdab4dfe79b871eb6dc3daefd;p=thirdparty%2Fopenssl.git CHANGES.md, NEWS.md: picking up changes from 3.6.1 Since it has been released before 4.0.0-alpha1. Signed-off-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz Reviewed-by: Nikola Pajkovsky Reviewed-by: Neil Horman MergeDate: Tue Mar 10 13:39:37 2026 (Merged from https://github.com/openssl/openssl/pull/30338) --- diff --git a/CHANGES.md b/CHANGES.md index 8967a28a2ae..c6b1975defb 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -501,6 +501,272 @@ OpenSSL Releases OpenSSL 3.6 ----------- +### Changes between 3.6.0 and 3.6.1 [27 Jan 2026] + + * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. + + Severity: Moderate + + Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation + which can trigger a stack-based buffer overflow, invalid pointer or NULL + pointer dereference during MAC verification. + + Impact summary: The stack buffer overflow or NULL pointer dereference may + cause a crash leading to Denial of Service for an application that parses + untrusted PKCS#12 files. The buffer overflow may also potentially enable + code execution depending on platform mitigations. + + Reported by: Stanislav Fort (Aisle Research) and Petr Šimeček (Aisle + Research) and Hamza (Metadust) + + ([CVE-2025-11187]) + + *Tomáš Mráz* + + * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing. + + Severity: High + + Issue summary: Parsing CMS `AuthEnvelopedData` message with maliciously + crafted AEAD parameters can trigger a stack buffer overflow. + + Impact summary: A stack buffer overflow may lead to a crash, causing Denial + of Service, or potentially remote code execution. + + Reported by: Stanislav Fort (Aisle Research) + + ([CVE-2025-15467]) + + *Igor Ustinov* + + * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID. + + Severity: Low + + Issue summary: If an application using the `SSL_CIPHER_find()` function + in a QUIC protocol client or server receives an unknown cipher suite from + the peer, a NULL dereference occurs. + + Impact summary: A NULL pointer dereference leads to abnormal termination + of the running process causing Denial of Service. + + Reported by: Stanislav Fort (Aisle Research) + + ([CVE-2025-15468]) + + *Stanislav Fort* + + * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB. 
+ + Severity: Low + + Issue summary: The `openssl dgst` command-line tool silently truncates input + data to 16 MiB when using one-shot signing algorithms and reports success + instead of an error. + + Impact summary: A user signing or verifying files larger than 16 MiB with + one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the + entire file is authenticated while trailing data beyond 16 MiB remains + unauthenticated. + + Reported by: Stanislav Fort (Aisle Research) + + ([CVE-2025-15469]) + + *Viktor Dukhovni* + + * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation. + + Severity: Low + + Issue summary: A TLS 1.3 connection using certificate compression can be + forced to allocate a large buffer before decompression without checking + against the configured certificate size limit. + + Impact summary: An attacker can cause per-connection memory allocations + of up to approximately 22 MiB and extra CPU work, potentially leading + to service degradation or resource exhaustion (Denial of Service). + + Reported by: Tomas Dulka (Aisle Research) and Stanislav Fort (Aisle + Research) + + ([CVE-2025-66199]) + + *Tomas Dulka and Stanislav Fort* + + * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes. + + Severity: Low + + Issue summary: Writing large, newline-free data into a BIO chain using the + line-buffering filter where the next BIO performs short writes can trigger + a heap-based out-of-bounds write. + + Impact summary: This out-of-bounds write can cause memory corruption + which typically results in a crash, leading to Denial of Service for + an application. + + Reported by: Petr Simecek (Aisle Research) and Stanislav Fort (Aisle + Research) + + ([CVE-2025-68160]) + + *Stanislav Fort and Neil Horman* + + * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB + function calls. 
+ + Severity: Low + + Issue summary: When using the low-level OCB API directly with AES-NI or + other hardware-accelerated code paths, inputs whose length is not a multiple + of 16 bytes can leave the final partial block unencrypted and + unauthenticated. + + Impact summary: The trailing 1-15 bytes of a message may be exposed in + cleartext on encryption and are not covered by the authentication tag, + allowing an attacker to read or tamper with those bytes without detection. + + Reported by: Stanislav Fort (Aisle Research) + + ([CVE-2025-69418]) + + *Stanislav Fort* + + * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion. + + Severity: Low + + Issue summary: Calling `PKCS12_get_friendlyname()` function on a maliciously + crafted PKCS#12 file with a `BMPString` (UTF-16BE) friendly name containing + non-ASCII BMP code point can trigger a one byte write before the allocated + buffer. + + Impact summary: The out-of-bounds write can cause a memory corruption + which can have various consequences including a Denial of Service. + + Reported by: Stanislav Fort (Aisle Research) + + ([CVE-2025-69419]) + + *Norbert Pócs* + + * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` function. + + Severity: Low + + Issue summary: A type confusion vulnerability exists in the TimeStamp + Response verification code where an `ASN1_TYPE` union member is accessed + without first validating the type, causing an invalid or NULL pointer + dereference when processing a malformed `TimeStamp` Response file. + + Impact summary: An application calling `TS_RESP_verify_response()` + with a malformed TimeStamp Response can be caused to dereference an invalid + or NULL pointer when reading, resulting in a Denial of Service. + + Reported by: Luigino Camastra (Aisle Research) + + ([CVE-2025-69420]) + + *Bob Beck* + + * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function. 
+ + Severity: Low + + Issue summary: Processing a malformed PKCS#12 file can trigger a NULL + pointer dereference in the `PKCS12_item_decrypt_d2i_ex()` function. + + Impact summary: A NULL pointer dereference can trigger a crash which leads + to Denial of Service for an application processing PKCS#12 files. + + Reported by: Luigino Camastra (Aisle Research) + + ([CVE-2025-69421]) + + *Luigino Camastra* + + * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing. + + Severity: Low + + Issue summary: An invalid or NULL pointer dereference can happen in + an application processing a malformed PKCS#12 file. + + Impact summary: An application processing a malformed PKCS#12 file can be + caused to dereference an invalid or NULL pointer on memory read, resulting + in a Denial of Service. + + Reported by: Luigino Camastra (Aisle Research) + + ([CVE-2026-22795]) + + *Bob Beck* + + * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()` + function. + + Severity: Low + + Issue summary: A type confusion vulnerability exists in the signature + verification of signed PKCS#7 data where an `ASN1_TYPE` union member + is accessed without first validating the type, causing an invalid or NULL + pointer dereference when processing malformed PKCS#7 data. + + Impact summary: An application performing signature verification of PKCS#7 + data or calling directly the `PKCS7_digest_from_attributes()` function can be + caused to dereference an invalid or NULL pointer when reading, resulting in + a Denial of Service. + + Reported by: Luigino Camastra (Aisle Research) + + ([CVE-2026-22796]) + + *Bob Beck* + + * RISC-V capabilities string format has changed to include the base + architecture and the vector length for the V extension. + + + *Bernd Edlinger* + + * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by restoring + its pre-3.6.0 behaviour of being ignored when `X509_V_FLAG_CRL_CHECK` flag + is not set, and no longer implying the latter flag instead. 
+ + + *Carter Thaxton* + + * Fixed a regression that caused generation of empty stapled OCSP responses + when at least one certificate in the certificate chain had a stapled OCSP + response present, causing handshake failures for OpenSSL 3.6.0 servers + with various client implementations, including GnuTLS and BoringSSL. + + + *Martin Rauch* + + * Fixed exit code of `openssl x509` command with `-checkend` option in use. + + + *Stefan Rieche* + + * Fixed incorrect acceptance of some malformed ECDSA signatures on s390x. + + + *Holger Dengler* + + * Source code has been reformatted with `clang-format`. + + + *Bob Beck* + + * Reverted a change in behaviour of the single stapled OCSP response API + with respect to the ownership of the OCSP response object that caused + a memory leak. + + + *Remi Gacogne and Tomáš Mráz* + ### Changes between 3.5 and 3.6.0 [1 Oct 2025] * Added support for `EVP_SKEY` opaque symmetric key objects to the key 
@@ -22266,6 +22532,18 @@ ndif [CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 [CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231 [CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468 +[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469 +[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [RFC 7919]: https://datatracker.ietf.org/doc/html/rfc7919 diff --git a/NEWS.md b/NEWS.md index 95a85814eb0..296b04b3b48 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -116,6 +116,58 @@ This release adds the following new features: OpenSSL 3.6 ----------- +### Major changes between OpenSSL 3.6.0 and OpenSSL 3.6.1 [27 Jan 2026] + +OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this +release is High. + +This release incorporates the following bug fixes and mitigations: + + * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. + ([CVE-2025-11187]) + + * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing. + ([CVE-2025-15467]) + + * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID. + ([CVE-2025-15468]) + + * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB. + ([CVE-2025-15469]) + + * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation. + ([CVE-2025-66199]) + + * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes. + ([CVE-2025-68160]) + + * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB + function calls. + ([CVE-2025-69418]) + + * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion. + ([CVE-2025-69419]) + + * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` + function. + ([CVE-2025-69420]) + + * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function. + ([CVE-2025-69421]) + + * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing. + ([CVE-2026-22795]) + + * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()` + function. + ([CVE-2026-22796]) + + * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by + restoring its pre-3.6.0 behaviour. + + * Fixed a regression in handling stapled OCSP responses causing handshake + failures for OpenSSL 3.6.0 servers with various client implementations. + ### Major changes between OpenSSL 3.5 and OpenSSL 3.6 [under development] OpenSSL 3.6.0 is a feature release adding significant new functionality 
@@ -2249,6 +2301,18 @@ OpenSSL 0.9.x [CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 [CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231 [CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468 +[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469 +[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations [OpenSSL Guide]: https://docs.openssl.org/master/man7/ossl-guide-introduction [README-QUIC.md]: ./README-QUIC.md
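Review bot: In the CHANGES.md hunk for the new "Changes between 3.6.0 and 3.6.1" section, the non-CVE entries (RISC-V capabilities string, `X509_V_FLAG_CRL_CHECK_ALL`, stapled OCSP regression, `openssl x509 -checkend`, s390x ECDSA, `clang-format`, OCSP ownership revert) carry two blank lines before the author line, while every CVE entry carries one; the same reporter is spelled "Petr Šimeček" in the CVE-2025-11187 entry and "Petr Simecek" in the CVE-2025-68160 entry, and the "Fixed Improper validation ...", "Fixed Stack buffer overflow ...", "Fixed Heap out-of-bounds write ...", "Fixed NULL Pointer Dereference ..." titles keep the advisory's capitalization mid-sentence, unlike "Fixed a regression ...". Suggest dropping the extra blank lines, using one spelling of the name, lowercasing the word after "Fixed", and rewording the CVE-2025-15469 title, which is not a sentence as written, to something like "Fixed silent truncation of inputs >16 MiB in the `openssl dgst` one-shot codepath."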
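Review bot: In the NEWS.md hunk, the 3.6.1 list of "bug fixes and mitigations" omits the CHANGES.md entry "Fixed incorrect acceptance of some malformed ECDSA signatures on s390x" (Holger Dengler), which is a signature-verification correctness fix and arguably belongs alongside the two regressions that were carried over; consider adding it as a third non-CVE bullet. Separately, the unchanged context line right after the inserted block still reads "### Major changes between OpenSSL 3.5 and OpenSSL 3.6 [under development]", while the CHANGES.md hunk in this same patch dates that release as "[1 Oct 2025]"; since this commit is syncing 3.6.x history into the 4.0 tree, it may be worth fixing that stale heading here too.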