Skip to content
  1. Mar 19, 2015
    • Matt Caswell's avatar
      Remove overlapping CHANGES/NEWS entries · d6e903d1
      Matt Caswell authored
      
      
      Remove entries from CHANGES and NEWS from letter releases that occur *after*
      the next point release. Without this we get duplicate entries for the same
      issue appearing multiple times.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      d6e903d1
    • Emilia Kasper's avatar
      Fix reachable assert in SSLv2 servers. · 86f8fb0e
      Emilia Kasper authored
      
      
      This assert is reachable for servers that support SSLv2 and export ciphers.
      Therefore, such servers can be DoSed by sending a specially crafted
      SSLv2 CLIENT-MASTER-KEY.
      
      Also fix s2_srvr.c to error out early if the key lengths are malformed.
      These lengths are sent unencrypted, so this does not introduce an oracle.
      
      CVE-2015-0293
      
      This issue was discovered by Sean Burford (Google) and Emilia Käsper of
      the OpenSSL development team.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      86f8fb0e
    • Emilia Kasper's avatar
      PKCS#7: avoid NULL pointer dereferences with missing content · c0334c2c
      Emilia Kasper authored
      
      
      In PKCS#7, the ASN.1 content component is optional.
      This typically applies to inner content (detached signatures),
      however we must also handle unexpected missing outer content
      correctly.
      
      This patch only addresses functions reachable from parsing,
      decryption and verification, and functions otherwise associated
      with reading potentially untrusted data.
      
      Correcting all low-level API calls requires further work.
      
      CVE-2015-0289
      
      Thanks to Michal Zalewski (Google) for reporting this issue.
      
      Reviewed-by: default avatarSteve Henson <steve@openssl.org>
      c0334c2c
    • Dr. Stephen Henson's avatar
      Fix ASN1_TYPE_cmp · c3c7fb07
      Dr. Stephen Henson authored
      
      
      Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
      can be triggered during certificate verification so could be a DoS attack
      against a client or a server enabling client authentication.
      
      CVE-2015-0286
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      c3c7fb07
    • Matt Caswell's avatar
      Fix DHE Null CKE vulnerability · b19d8143
      Matt Caswell authored
      
      
      If client auth is used then a server can seg fault in the event of a DHE
      cipher being used and a zero length ClientKeyExchange message being sent
      by the client. This could be exploited in a DoS attack.
      
      CVE-2015-1787
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      b19d8143
    • Dr. Stephen Henson's avatar
      Fix for CVE-2015-0291 · 76343947
      Dr. Stephen Henson authored
      
      
      If a client renegotiates using an invalid signature algorithms extension
      it will crash a server with a NULL pointer dereference.
      
      Thanks to David Ramos of Stanford University for reporting this bug.
      
      CVE-2015-0291
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      
      Conflicts:
      	ssl/t1_lib.c
      76343947
    • Dr. Stephen Henson's avatar
      Reject invalid PSS parameters. · 4b22cce3
      Dr. Stephen Henson authored
      
      
      Fix a bug where invalid PSS parameters are not rejected resulting in a
      NULL pointer exception. This can be triggered during certificate
      verification so could be a DoS attack against a client or a server
      enabling client authentication.
      
      Thanks to Brian Carpenter for reporting this issues.
      
      CVE-2015-0208
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      4b22cce3
    • Dr. Stephen Henson's avatar
      Free up ADB and CHOICE if already initialised. · b717b083
      Dr. Stephen Henson authored
      
      
      CVE-2015-0287
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      b717b083
    • Matt Caswell's avatar
      Fix Seg fault in DTLSv1_listen · 81941811
      Matt Caswell authored
      
      
      The DTLSv1_listen function is intended to be stateless and processes
      the initial ClientHello from many peers. It is common for user code to
      loop over the call to DTLSv1_listen until a valid ClientHello is received
      with an associated cookie. A defect in the implementation of DTLSv1_listen
      means that state is preserved in the SSL object from one invokation to the
      next that can lead to a segmentation fault. Erorrs processing the initial
      ClientHello can trigger this scenario. An example of such an error could
      be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
      server.
      
      CVE-2015-0207
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      81941811
    • Matt Caswell's avatar
      Multiblock corrupted pointer fix · 77c77f0a
      Matt Caswell authored
      
      
      OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
      feature only applies on 64 bit x86 architecture platforms that support AES
      NI instructions. A defect in the implementation of "multiblock" can cause
      OpenSSL's internal write buffer to become incorrectly set to NULL when
      using non-blocking IO. Typically, when the user application is using a
      socket BIO for writing, this will only result in a failed connection.
      However if some other BIO is used then it is likely that a segmentation
      fault will be triggered, thus enabling a potential DoS attack.
      
      CVE-2015-0290
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      77c77f0a
  2. Mar 18, 2015
  3. Mar 17, 2015
  4. Mar 15, 2015
  5. Mar 14, 2015
  6. Mar 12, 2015
  7. Mar 11, 2015
  8. Mar 10, 2015
    • Emilia Kasper's avatar
      Harmonize return values in dtls1_buffer_record · 0c14565c
      Emilia Kasper authored
      
      
      Ensure all malloc failures return -1.
      
      Reported by Adam Langley (Google).
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 06c6a2b4)
      0c14565c
    • Richard Godbee's avatar
      BIO_debug_callback: Fix output on 64-bit machines · 5a9e9669
      Richard Godbee authored
      
      
      BIO_debug_callback() no longer assumes the hexadecimal representation of
      a pointer fits in 8 characters.
      
      Signed-off-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 460e920d)
      5a9e9669
    • Matt Caswell's avatar
      Prevent handshake with unseeded PRNG · 2b31fcc0
      Matt Caswell authored
      
      
      Fix security issue where under certain conditions a client can complete a
      handshake with an unseeded PRNG. The conditions are:
      - Client is on a platform where the PRNG has not been seeded, and the
      user has not seeded manually
      - A protocol specific client method version has been used (i.e. not
      SSL_client_methodv23)
      - A ciphersuite is used that does not require additional random data
      from the PRNG beyond the initial ClientHello client random
      (e.g. PSK-RC4-SHA)
      
      If the handshake succeeds then the client random that has been used will
      have been generated from a PRNG with insufficient entropy and therefore
      the output may be predictable.
      
      For example using the following command with an unseeded openssl will
      succeed on an unpatched platform:
      
      openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
      
      CVE-2015-0285
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit e1b568dd)
      2b31fcc0
  9. Mar 09, 2015