-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Dec 2017]
Read/write after SSL object in error state (CVE-2017-3737)
==
Severity: Moderate
OpenSSL 1.0.2 (starting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [02 Nov 2017]
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
==
Severity: Moderate
There is a carry propagating bug in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 Feb 2017]
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Severity: High
During a renegotiation handshake if the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [26 Jan 2017]
Truncated packet could crash via OOB read (CVE-2017-3731)
=
Severity: Moderate
If an SSL/TLS server or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [10 Nov 2016]
ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
==
Severity: High
TLS connections using *-CHACHA20
On 26/09/16 14:16, David Woodhouse wrote:
> On Mon, 2016-09-26 at 10:35 +, OpenSSL wrote:
>
>> Content-Type: text/plain; charset="iso-8859-1"
>
>> This issue was reported to OpenSSL on 23rd September 2016 by Robert Święcki
>
> Found by whom? Welcome to the 21st century... :)
Yes. Sorry
On Mon, 2016-09-26 at 10:35 +, OpenSSL wrote:
> Content-Type: text/plain; charset="iso-8859-1"
> This issue was reported to OpenSSL on 23rd September 2016 by Robert Święcki
Found by whom? Welcome to the 21st century... :)
--
dwmw2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [26 Sep 2016]
This security update addresses issues that were caused by patches
included in our previous security update, released on 22nd September
2016. Given the Critical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
=
Severity: High
A malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
==
Severity: High
This issue affected versions of OpenSSL
On Tuesday 01 March 2016 19:50:51 Nounou Dadoun wrote:
> I'm interested in your tlsfuzzer tool (of which this appears to be a
> part), is there a larger test suite available? Is there any
> documentation out there?
> Thanks again .. N
No, for now there isn't one. The plan is to have a full featur
> I am a bit surprised with the following assertion concerning CVE-2016-0798 :
> (Memory leak in SRP database lookups)
> "This issue was discovered on February 23rd 2016..."
Yes, Michel, sorry. You did create a ticket:
https://rt.openssl.org/Ticket/Display.html?id=4172
Thanks for being so go
Hi,
I am a bit surprised with the following assertion concerning CVE-2016-0798 :
(Memory leak in SRP database lookups)
"This issue was discovered on February 23rd 2016..."
My opinion is that this issue is known at least since I reported it to you
(first in March 2015!):
https://mta.openssl.org/
Kario
Sent: Tuesday, March 01, 2016 7:22 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] OpenSSL Security Advisory
Scripts to verify that a server is not vulnerable to DROWN.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech
Scripts to verify that a server is not vulnerable to DROWN.
Two scripts are provided to verify that SSLv2 and all of its ciphers are
disabled and that export grade SSLv2 are disabled and can't be forced by
client.
Reproducer requires Python 2.6 or 3.2 or later, you will also need git
to downlo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [1st March 2016]
=
NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as
well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of
SSLv2
Am 03.02.2016 um 00:30 schrieb Kurt Roeckx:
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
Hi there,
reading the last advisory again, I noticed, that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used. The
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certifi
On 02/02/16 21:34, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certificate
> and so it will
Hi there,
reading the last advisory again, I noticed, that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used. The key is part of the certificate
and so it will always reuse it. This is only supported in 1.0.2.
and
+1
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Hanno Böck
Sent: Friday, January 29, 2016 06:18
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Cc: open...@openssl.org
Subject: Re: [openssl-dev] OpenSSL Security Advisory
On Thu, 28 Jan 2016 15:05:47 +
OpenSSL wrote:
> Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
> default and cannot be disabled. This could have some performance
> impact.
I think it's good that this has been changed now.
I found this ephemeral key reuse always problema
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [28th Jan 2016]
=
NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO
SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES
ONLY ARE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]
=
[Updated 4 Dec 2015]: This advisory has been updated to include the details of
CVE-2015-1794, a Low severity issue affecting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3 Dec 2015]
===
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS
On Thu, Jul 09, 2015 at 01:13:30PM +, Salz, Rich wrote:
> > This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
>
> In other words, if you are not using those specific releases -- i.e., the
> ones that came out less than 30 days ago -- you do not need to upgrade.
More accu
> This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the ones
that came out less than 30 days ago -- you do not need to upgrade.
___
openssl-dev mailing list
T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During certificate verification, OpenSSL
Huhu!!
|Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx
I just want to mention these «UTF-8 re-encoded as UTF-8» issues,
which may be acceptable for names of males, but, but
*particularly* with respect to the natural beauty of the affected
person… On the other hand i alway
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [11 Jun 2015]
===
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Mar 2015]
===
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
=
Severity: High
If a client connects to an OpenSSL 1.0.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [08 Jan 2015]
===
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===
Severity: Moderate
A carefully crafted DTLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [15 Oct 2014]
===
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 Aug 2014]
Information leak in pretty printing functions (CVE-2014-3508)
=
A flaw in OBJ_obj2txt may cause pretty
On Thu, Jun 05, 2014, Green, Gatewood wrote:
> Openssl-0.9.8za will not build in FIPS mode. The openssl-fips-1.2(.4) seems
> to be missing the symbol BN_consttime_swap.
>
Fixed now. Workaround is to compile with no-ec: the EC algorithms aren't
approved for FIPS operation for the FIPS capable Op
: 208.206.7455
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of OpenSSL
Sent: Thursday, June 05, 2014 5:54 AM
To: openssl-dev@openssl.org; openssl-us...@openssl.org;
openssl-annou...@openssl.org
Subject: OpenSSL Security Advisory
On Thu, Jun 05, 2014, OpenSSL wrote:
>
> OpenSSL Security Advisory [05 Jun 2014]
>
>
> Resend: first version contained characters which could cause signature
> failure.
>
Oops, something else to add to the "list of things to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
Resend: first version contained characters which could cause signature failure.
SSL/TLS MITM vulnerability (CVE-2014-0224
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM vulnerability (CVE-2014-0224)
===
An attacker using a carefully crafted handshake can force the use of weak
better would be appreciated.
>
> Thanks
>
> Ted
>
> --
> R.E.(Ted) Byers, Ph.D.,Ed.D.
>
>
> On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> OpenSSL Security Advisory [07 Apr 2014]
>>
NED MESSAGE-
> Hash: SHA256
>
> OpenSSL Security Advisory [07 Apr 2014]
>
>
> TLS heartbeat read overrun (CVE-2014-0160)
> ==
>
> A missing bounds check in the handling of the TLS heartbea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
==
A missing bounds check in the handling of the TLS heartbeat extension can be
On Thu, Feb 07, 2013, Kurt Roeckx wrote:
>
> That would mean the following aren't in the 1.0.0 branch:
> commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2
> Author: Dr. Stephen Henson
> Date: Tue Jan 29 14:44:36 2013 +
>
> Timing fix mitigation for FIPS mode.
> We have to use EVP in
On Tue, Feb 05, 2013 at 03:18:28PM +0100, OpenSSL wrote:
> OpenSSL Security Advisory [05 Feb 2013]
>
>
> SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
>
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [05 Feb 2013]
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
Nadhem Alfardan and Kenny Paterson have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [10 May 2012]
===
Invalid TLS/DTLS record attack (CVE-2012-2333)
===
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not
-...@master.openssl.org;
openssl-us...@master.openssl.org
Subject: OpenSSL Security Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Apr 2012]
===
ASN1 BIO vulnerability (CVE-2012-2110
On Thu, Apr 19, 2012, Erik Tkal wrote:
> The detailed analysis for CVE-2012-2110 implies issues with truncation,
> specifically int vs long vs size_t. Is the problem limited to platforms
> where these are different sizes? The analysis says not limited to I32LP64,
> but does not rule out any plat
The detailed analysis for CVE-2012-2110 implies issues with truncation,
specifically int vs long vs size_t. Is the problem limited to platforms where
these are different sizes? The analysis says not limited to I32LP64, but does
not rule out any platforms where it is not an issue. Can it occur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Apr 2012]
===
ASN1 BIO vulnerability (CVE-2012-2110)
===
A potentially exploitable vulnerability has been discovered in the OpenSSL
function
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [12 Mar 2012]
===
CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [18 Jan 2011]
===
DTLS DoS attack (CVE-2012-0050)
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS
On Wed, 4 Jan 2012 21:04:06 +0100 (CET) OpenSSL wrote:
> SGC Restart DoS Attack (CVE-2011-4619)
> ==
>
> Support for handshake restarts for server gated cryptography (SGC) can
> be used in a denial-of-service attack.
This issue seems to fall into the same cate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [04 Jan 2012]
===
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
==
Nadhem
On Tue, Sep 06, 2011 at 03:40:30PM +0200, OpenSSL wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> OpenSSL Security Advisory [6 September 2011]
>
> Two security flaws have been fixed in OpenSSL 1.0.0e
>
> CRL verification
I will be on vacation from Sep/05/2011 thru Sep/16/2011 (back in the office on
Sep 19).
Have a great day !
Huie-Ying
__
OpenSSL Project http://www.openssl.org
Development Mailing List
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 September 2011]
Two security flaws have been fixed in OpenSSL 1.0.0e
CRL verification vulnerability in OpenSSL
=
Under certain circumstances OpenSSL's internal certif
Thanks, Rob; I have updated the Security Advisory at
http://www.openssl.org/news/secadv_20110208.txt.
Bodo
Bodo, some comments inline...
On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote:
> OpenSSL Security Advisory [8 February 2011]
>
> OCSP stapling vulnerability in OpenSSL
> Which applications are affected
> ---
>
> Applications are only affe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
==
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue
On Mon, Dec 06, 2010, Jean-Marc Desperrier wrote:
> OpenSSL wrote:
>> OpenSSL Ciphersuite Downgrade Attack
>> =
>>
>> A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
>> workaround allows malicious clients to modify the stored session cac
OpenSSL wrote:
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [2 December 2010]
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [16 November 2010]
TLS extension parsing race condition.
=
A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer
Bodo Moeller wrote:
it's code elsewhere that no longer tolerates the coarse logic we are
changing in the patch, which has been around forever.
In fact, I already suspected that, thanks for the confirmation.
On Thu, Mar 25, 2010 at 5:16 PM, Claus Assmann wrote:
> So far I haven't been able to determine which change caused the
> problem, so I'm still looking at various diff's, but I'm not
> familiar with the source code to (easily) spot the problem.
I imagine the reason that the exact breakdown wasn't
On Thu, Mar 25, 2010, Paul Suhler wrote:
> Am I reading the changes file correctly: if you don't use Kerberos,
> then this vulnerability doesn't apply?
>
There are two separate issues.
CVE-2010-0740 applies to 0.9.8m SSL/TLS and has nothing to do with Kerberos.
That is why we made the special
On Thu, Mar 25, 2010, Bodo Moeller wrote:
> >>"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
> No, it's not a mistake -- it's code elsewhere that no longer
> tolerates the coarse logic we are changing in the patch, which has
> been around forever.
Could you please elaborate?
I
al Message-
From: owner-openssl-...@openssl.org
[mailto:owner-openssl-...@openssl.org] On Behalf Of Bodo Moeller
Sent: Thursday, March 25, 2010 11:40 AM
To: openssl-dev@openssl.org
Subject: Re: OpenSSL Security Advisory
On Mar 25, 2010, at 6:33 PM, Jean-Marc Desperrier wrote:
> OpenSSL wrot
On Mar 25, 2010, at 6:33 PM, Jean-Marc Desperrier wrote:
OpenSSL wrote:
"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
How comes the vulnerability doesn't touch 0.9.8e though the patched
file wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between
OpenSSL wrote:
"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
How comes the vulnerability doesn't touch 0.9.8e though the patched file
wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between 0.9.8d and 0.9.8e, see this patch :
http://cvs.openssl.org/f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 March 2010]
"Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m
In TLS connections, certain incorrectly formatted records ca
00:55:27.0 +0200
+++ ./crypto/x509/x509_vfy.c 2009-04-07 11:07:52.0 +0200
@@ -1124,7 +1124,7 @@
/* Verify CRL issuer */
ret = X509_verify_cert(&crl_ctx);
- if (!ret)
+ if (ret <= 0) /* OpenSSL Security Advisory [07-Jan-2009] */
goto err;
/* Check chain is acceptable */
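Review bot: on the changed `if (ret <= 0)` line, the added comment gives only the advisory date and not the reason for the new comparison. The switch from `!ret` to `ret <= 0` means X509_verify_cert() can return a negative value on error, and the old test did not send that case to `err`; stating this in the comment would help a later reader more than the date does. Other callers that test a three-way return with `!ret` deserve the same check.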
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [25-Mar-2009]
Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.
ASN1 printing crash
===
The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will
/* Verify CRL issuer */
ret = X509_verify_cert(&crl_ctx);
- if (!ret)
+ if (ret <= 0) /* OpenSSL Security Advisory [07-Jan-2009] */
goto err;
/* Check chain is acceptable */
ret = check_crl_chain(ctx, ctx->chain
One way to exploit this flaw would be for a remote attacker who is in
control of a malicious server or who can use a 'man in the middle'
attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation.
In my opinion, this statement is not ver
--- On Wed, 1/7/09, Dr. Stephen Henson wrote:
> Incorrect checks for malformed signatures
> - ---
It is not perfectly clear to me if regular certificate validations and smime
signature validation is also affected by this. Could you please elaborate if
> Does the release of 0.9.8j also include the FIPS module support?
> (i.e., is this a bug-fix only release, or does this include what you
> have been working on for the past few months as well?)
The actual 0.9.8j release announcement stated:
"This is the first full release of OpenSSL that can lin
AGE-
> Hash: SHA1
>
> OpenSSL Security Advisory [07-Jan-2009]
>
> Incorrect checks for malformed signatures
> - ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
- ---
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a
On Thu, Aug 15, 2002 at 04:01:57PM +0200, [EMAIL PROTECTED] wrote:
> I have read your OpenSSL Security Advisory (30 July 2002), where there is
> the recommendation to upgrade to OpenSSL 0.9.6e for those using 0.9.6d and
> earlier.
>
> We are using OpenSSL version 0.9.6a-9 and
Dear Sirs,
I have read your OpenSSL Security Advisory (30 July 2002), where there is
the recommendation to upgrade to OpenSSL 0.9.6e for those using 0.9.6d and
earlier.
We are using OpenSSL version 0.9.6a-9 and OpenSSH version 2.9p1-7. The OS is
SuSE - Linux 7.2 (i386)
You recommend also