  Mar 19, 2015
      Fix DHE Null CKE vulnerability · b19d8143
      Matt Caswell authored
      
      
      If client auth is used then a server can seg fault in the event of a DHE
      cipher being used and a zero length ClientKeyExchange message being sent
      by the client. This could be exploited in a DoS attack.
      
      CVE-2015-1787
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      Fix for CVE-2015-0291 · 76343947
      Dr. Stephen Henson authored
      
      
      If a client renegotiates using an invalid signature algorithms extension
      it will crash a server with a NULL pointer dereference.
      
      Thanks to David Ramos of Stanford University for reporting this bug.
      
      CVE-2015-0291
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      
      Conflicts:
      	ssl/t1_lib.c
      Reject invalid PSS parameters. · 4b22cce3
      Dr. Stephen Henson authored
      
      
      Fix a bug where invalid PSS parameters are not rejected resulting in a
      NULL pointer exception. This can be triggered during certificate
      verification so could be a DoS attack against a client or a server
      enabling client authentication.
      
      Thanks to Brian Carpenter for reporting this issue.
      
      CVE-2015-0208
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Free up ADB and CHOICE if already initialised. · b717b083
      Dr. Stephen Henson authored
      
      
      CVE-2015-0287
      
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
      Fix Seg fault in DTLSv1_listen · 81941811
      Matt Caswell authored
      
      
      The DTLSv1_listen function is intended to be stateless and processes
      the initial ClientHello from many peers. It is common for user code to
      loop over the call to DTLSv1_listen until a valid ClientHello is received
      with an associated cookie. A defect in the implementation of DTLSv1_listen
      means that state is preserved in the SSL object from one invocation to the
      next that can lead to a segmentation fault. Errors processing the initial
      ClientHello can trigger this scenario. An example of such an error could
      be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
      server.
      
      CVE-2015-0207
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      Multiblock corrupted pointer fix · 77c77f0a
      Matt Caswell authored
      
      
      OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
      feature only applies on 64 bit x86 architecture platforms that support AES
      NI instructions. A defect in the implementation of "multiblock" can cause
      OpenSSL's internal write buffer to become incorrectly set to NULL when
      using non-blocking IO. Typically, when the user application is using a
      socket BIO for writing, this will only result in a failed connection.
      However if some other BIO is used then it is likely that a segmentation
      fault will be triggered, thus enabling a potential DoS attack.
      
      CVE-2015-0290
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      Reviewed-by: Andy Polyakov <appro@openssl.org>
  Mar 10, 2015
      Harmonize return values in dtls1_buffer_record · 0c14565c
      Emilia Kasper authored
      
      
      Ensure all malloc failures return -1.
      
      Reported by Adam Langley (Google).
      
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (cherry picked from commit 06c6a2b4)
      BIO_debug_callback: Fix output on 64-bit machines · 5a9e9669
      Richard Godbee authored
      
      
      BIO_debug_callback() no longer assumes the hexadecimal representation of
      a pointer fits in 8 characters.
      
      Signed-off-by: Richard Levitte <levitte@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (cherry picked from commit 460e920d)
      Prevent handshake with unseeded PRNG · 2b31fcc0
      Matt Caswell authored
      
      
      Fix security issue where under certain conditions a client can complete a
      handshake with an unseeded PRNG. The conditions are:
      - Client is on a platform where the PRNG has not been seeded, and the
      user has not seeded manually
      - A protocol specific client method version has been used (i.e. not
      SSL_client_methodv23)
      - A ciphersuite is used that does not require additional random data
      from the PRNG beyond the initial ClientHello client random
      (e.g. PSK-RC4-SHA)
      
      If the handshake succeeds then the client random that has been used will
      have been generated from a PRNG with insufficient entropy and therefore
      the output may be predictable.
      
      For example using the following command with an unseeded openssl will
      succeed on an unpatched platform:
      
      openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
      
      CVE-2015-0285
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (cherry picked from commit e1b568dd)