path: root/CHANGES
diff options
authorJung-uk Kim <jkim@FreeBSD.org>2014-10-15 17:32:57 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2014-10-15 17:32:57 +0000
commit58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5 (patch)
tree6195ffd39cd3e0b3d6c711f6531b3e7e13b85b44 /CHANGES
parentcb6864802ed26a1031701a6a385961592a5cac25 (diff)
Import OpenSSL 1.0.1j.vendor/openssl/1.0.1j
Notes: svn path=/vendor-crypto/openssl/dist/; revision=273138 svn path=/vendor-crypto/openssl/1.0.1j/; revision=273139; tag=vendor/openssl/1.0.1j
Diffstat (limited to 'CHANGES')
1 files changed, 51 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 064c1d9ded48..277b46f17c0d 100644
@@ -2,6 +2,57 @@
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+ *) SRTP Memory Leak.
+ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+ sends a carefully crafted handshake message, to cause OpenSSL to fail
+ to free up to 64k of memory causing a memory leak. This could be
+ exploited in a Denial Of Service attack. This issue affects OpenSSL
+ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+ whether SRTP is used or configured. Implementations of OpenSSL that
+ have been compiled with OPENSSL_NO_SRTP defined are not affected.
+ The fix was developed by the OpenSSL team.
+ (CVE-2014-3513)
+ [OpenSSL team]
+ *) Session Ticket Memory Leak.
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+ *) Build option no-ssl3 is incomplete.
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+ *) Add additional DigestInfo checks.
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+ Note: this is a precautionary measure and no attacks are currently known.
+ [Steve Henson]
Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
*) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the