The branch OpenSSL_1_1_0-stable has been updated via d38234550ec4cdf10048dd26539d629cca7d6bcf (commit) from 78617373f2af1b735e66501a799969248251c54b (commit)
- Log ----------------------------------------------------------------- commit d38234550ec4cdf10048dd26539d629cca7d6bcf Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 10 10:26:07 2019 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9842) ----------------------------------------------------------------------- Summary of changes: CHANGES | 12 ++++++++++++ NEWS | 8 +++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 3277a0dbd4..b4400d20cc 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,18 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] + *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations + where an attacker receives automated notification of the success or failure + of a decryption attempt an attacker, after sending a very large number of + messages to be decrypted, can recover a CMS/PKCS7 transported encryption + key or decrypt any RSA encrypted message that was encrypted with the public + RSA key, using a Bleichenbacher padding oracle attack. Applications are not + affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info + to decrypt. + (CVE-2019-1563) + [Bernd Edlinger] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ diff --git a/NEWS b/NEWS index a27090521b..3d6d5a6f23 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,13 @@ Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [under development] - o + o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + (CVE-2019-1563) + o For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters + o Compute ECC cofactors if not provided during EC_GROUP construction + (CVE-2019-1547) + o Use Windows installation paths in the mingw builds (CVE-2019-1552) Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019]