Loading CHANGES +30 −1 Original line number Diff line number Diff line Loading @@ -968,7 +968,36 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] Changes between 0.9.8r and 0.9.8s [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at: http://www.isg.rhul.ac.uk/~kp/dtls.pdf Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> for preparing the fix. (CVE-2011-4108) [Robin Seggelmann, Michael Tuexen] *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) [Ben Laurie, Kasper <ekasper@google.com>] *) Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [Adam Langley (Google)] *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] *) Prevent malformed RFC3779 data triggering an assertion failure. Thanks to Andrew Chi, BBN Technologies, for discovering the flaw and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) [Rob Austein <sra@hactrn.net>] *) Fix ssl_ciph.c set-up race. [Adam Langley (Google)] Loading Loading
CHANGES +30 −1 Original line number Diff line number Diff line Loading @@ -968,7 +968,36 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] Changes between 0.9.8r and 0.9.8s [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at: http://www.isg.rhul.ac.uk/~kp/dtls.pdf Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> for preparing the fix. (CVE-2011-4108) [Robin Seggelmann, Michael Tuexen] *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) [Ben Laurie, Kasper <ekasper@google.com>] *) Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [Adam Langley (Google)] *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] *) Prevent malformed RFC3779 data triggering an assertion failure. Thanks to Andrew Chi, BBN Technologies, for discovering the flaw and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) [Rob Austein <sra@hactrn.net>] *) Fix ssl_ciph.c set-up race. [Adam Langley (Google)] Loading
