The branch master has been updated via 6d223568b215ccb0c297a1ea8761f00b2b470473 (commit) from 50b169440002898052ea41e9a9393ed41a68e7b2 (commit)
- Log ----------------------------------------------------------------- commit 6d223568b215ccb0c297a1ea8761f00b2b470473 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 11:01:35 2016 +0100 Update website for new release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 3 +++ news/secadv/20160926.txt | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 37 ++++++++++++++++++++++++++++- 3 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20160926.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 6eb393c..e10aef8 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,9 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +26-Sep-2016: <a href="/news/secadv/20160926.txt">Security Advisory</a>: Two security fixes +26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix +26-Sep-2016: OpenSSL 1.0.2j is now available, including a security fix 22-Sep-2016: <a href="/news/secadv/20160922.txt">Security Advisory</a>: several security fixes 22-Sep-2016: OpenSSL 1.1.0a is now available, including bug and security fixes 22-Sep-2016: OpenSSL 1.0.2i is now available, including bug and security fixes diff --git a/news/secadv/20160926.txt b/news/secadv/20160926.txt new file mode 100644 index 0000000..467a119 --- /dev/null +++ b/news/secadv/20160926.txt 
@@ -0,0 +1,60 @@ + +OpenSSL Security Advisory [26 Sep 2016] +======================================== + +This security update addresses issues that were caused by patches +included in our previous security update, released on 22nd September +2016. Given the Critical severity of one of these flaws we have +chosen to release this advisory immediately to prevent upgrades to the +affected version, rather than delaying in order to provide our usual +public pre-notification. + + +Fix Use After Free for large message sizes (CVE-2016-6309) +========================================================== + +Severity: Critical + +This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. + +The patch applied to address CVE-2016-6307 resulted in an issue where if a +message larger than approx 16k is received then the underlying buffer to store +the incoming message is reallocated and moved. Unfortunately a dangling pointer +to the old location is left which results in an attempt to write to the +previously freed location. This is likely to result in a crash, however it +could potentially lead to execution of arbitrary code. + +OpenSSL 1.1.0 users should upgrade to 1.1.0b + +This issue was reported to OpenSSL on 23rd September 2016 by Robert +Święcki (Google Security Team), and was found using honggfuzz. The fix +was developed by Matt Caswell of the OpenSSL development team. + +Missing CRL sanity check (CVE-2016-7052) +======================================== + +Severity: Moderate + +This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. + +A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 +but was omitted from OpenSSL 1.0.2i. As a result any attempt to use +CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + +OpenSSL 1.0.2i users should upgrade to 1.0.2j + +The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and +Thomas Jakobi. 
The fix was developed by Matt Caswell of the OpenSSL development +team. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20160926.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index f9b4a5d..e53c367 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -5,7 +5,42 @@ 1.0.0 on 20100329 --> -<security updated="20160922"> +<security updated="20160926"> + <issue public="20160926"> + <impact severity="Critical"/> + <cve name="2016-6309"/> + <affects base="1.1.0" version="1.1.0a"/> + <fixed base="1.1.0" version="1.1.0b" date="20160926"/> + + <description> + This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to store + the incoming message is reallocated and moved. Unfortunately a dangling pointer + to the old location is left which results in an attempt to write to the + previously freed location. This is likely to result in a crash, however it + could potentially lead to execution of arbitrary code. + </description> + <advisory url="/news/secadv/20160926.txt"/> + <reported source="Robert Święcki (Google Security Team)"/> + </issue> + <issue public="20160926"> + <impact severity="Moderate"/> + <cve name="2016-7052"/> + <affects base="1.0.2" version="1.0.2i"/> + <fixed base="1.0.2" version="1.0.2j" date="20160926"/> + + <description> + This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted from OpenSSL 1.0.2i. As a result any attempt to use + CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + </description> + <advisory url="/news/secadv/20160926.txt"/> + <reported source="Bruce Stephens and Thomas Jakobi"/> + </issue> <issue public="20160922"> <impact severity="High"/> <cve name="2016-6304"/> _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
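Review bot: In the news/newsflash.txt hunk, the added line "OpenSSL 1.1.0b is now available, including a security fix" does not say that the fix is rated Critical or that 1.1.0a is the affected release, while the 22-Sep-2016 entry announcing 1.1.0a remains directly below it as unchanged context. The advisory added in this same commit states it was published immediately "to prevent upgrades to the affected version", so consider wording the 1.1.0b entry to say that it supersedes 1.1.0a and carries a Critical fix. The 1.0.2j line could likewise name 1.0.2i as the release it replaces.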
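Review bot: In news/secadv/20160926.txt, the upgrade line under CVE-2016-6309 reads "OpenSSL 1.1.0 users should upgrade to 1.1.0b", although the same section says the issue only affects 1.1.0a, and the CVE-2016-7052 section names the exact affected release ("OpenSSL 1.0.2i users should upgrade to 1.0.2j"). Suggest "OpenSSL 1.1.0a users should upgrade to 1.1.0b" so both sections identify the affected version the same way and match the affects/fixed pairs recorded in vulnerabilities.xml.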
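Review bot: In the news/vulnerabilities.xml hunk, the CVE-2016-7052 description says CRL use "will crash with a null pointer exception"; OpenSSL is C code, so "NULL pointer dereference" is the accurate term for this crash. The sentence is duplicated from news/secadv/20160926.txt in the same commit, so change both copies together to keep the XML description and the advisory text identical.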