-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Dec 2017]
Read/write after SSL object in error state (CVE-2017-3737)
==
Severity: Moderate
OpenSSL 1.0.2 (starting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [02 Nov 2017]
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
==
Severity: Moderate
There is a carry propagating bug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [16 Feb 2017]
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Severity: High
During a renegotiation handshake
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [26 Jan 2017]
Truncated packet could crash via OOB read (CVE-2017-3731)
=
Severity: Moderate
If an SSL/TLS server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [10 Nov 2016]
ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
==
Severity: High
TLS connections using *-CHACHA20
On Mon, 2016-09-26 at 10:35 +, OpenSSL wrote:
> Content-Type: text/plain; charset="iso-8859-1"
> This issue was reported to OpenSSL on 23rd September 2016 by Robert Święcki
Found by whom? Welcome to the 21st century... :)
--
dwmw2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [26 Sep 2016]
This security update addresses issues that were caused by patches
included in our previous security update, released on 22nd September
2016. Given the Critical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
=
Severity: High
A malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3rd May 2016]
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
==
Severity: High
This issue affected versions of OpenSSL
On Tuesday 01 March 2016 19:50:51 Nounou Dadoun wrote:
> I'm interested in your tlsfuzzer tool (of which this appears to be a
> part), is there a larger test suite available? Is there any
> documentation out there?
> Thanks again .. N
No, for now there isn't one. The plan is to have a full
> I am a bit surprised with the following assertion concerning CVE-2016-0798 :
> (Memory leak in SRP database lookups)
> "This issue was discovered on February 23rd 2016..."
Yes, Michel, sorry. You did create a ticket:
https://rt.openssl.org/Ticket/Display.html?id=4172
Thanks for being so
Hi,
I am a bit surprised with the following assertion concerning CVE-2016-0798 :
(Memory leak in SRP database lookups)
"This issue was discovered on February 23rd 2016..."
My opinion is that this issue has been known at least since I reported it to you
(first in March 2015!) :
Sent: Tuesday, March 01, 2016 7:22 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] OpenSSL Security Advisory
Scripts to verify that a server is not vulnerable to DROWN.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o
Scripts to verify that a server is not vulnerable to DROWN.
Two scripts are provided to verify that SSLv2 and all of its ciphers are
disabled and that export grade SSLv2 are disabled and can't be forced by
client.
Reproducer requires Python 2.6 or 3.2 or later, you will also need git
to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [1st March 2016]
=
NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as
well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of
SSLv2
Hi there,
reading the last advisory again, I noticed, that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used. The key is part of the certificate
and so it will always reuse it. This is only supported in 1.0.2.
and
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the
On 02/02/16 21:34, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certificate
> and so it
Am 03.02.2016 um 00:30 schrieb Kurt Roeckx:
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
Hi there,
reading the last advisory again, I noticed, that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used.
+1
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Hanno Böck
Sent: Friday, January 29, 2016 06:18
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Cc: open...@openssl.org
Subject: Re: [openssl-dev] OpenSSL Security Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [28th Jan 2016]
=
NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO
SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES
ONLY
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]
=
[Updated 4 Dec 2015]: This advisory has been updated to include the details of
CVE-2015-1794, a Low severity issue affecting
On Thu, Jul 09, 2015 at 01:13:30PM +, Salz, Rich wrote:
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the
ones that came out less than 30 days ago -- you do not need to upgrade.
More
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During certificate verification, OpenSSL
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the ones
that came out less than 30 days ago -- you do not need to upgrade.
___
openssl-dev mailing list
Huhu!!
|Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx
I just want to mention these «UTF-8 re-encoded as UTF-8» issues,
which may be acceptable for names of males, but, but
*particularly* with respect to the natural beauty of the affected
person… On the other hand i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [11 Jun 2015]
===
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Mar 2015]
===
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
=
Severity: High
If a client connects to an OpenSSL 1.0.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [08 Jan 2015]
===
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===
Severity: Moderate
A carefully crafted DTLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [15 Oct 2014]
===
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 Aug 2014]
Information leak in pretty printing functions (CVE-2014-3508)
=
A flaw in OBJ_obj2txt may cause pretty
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of OpenSSL
Sent: Thursday, June 05, 2014 5:54 AM
To: openssl-dev@openssl.org; openssl-us...@openssl.org;
openssl-annou...@openssl.org
Subject: OpenSSL Security Advisory
On Thu, Jun 05, 2014, Green, Gatewood wrote:
Openssl-0.9.8za will not build in FIPS mode. The openssl-fips-1.2(.4) seems
to be missing the symbol BN_consttime_swap.
Fixed now. Workaround is to compile with no-ec: the EC algorithms aren't
approved for FIPS operation for the FIPS capable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM vulnerability (CVE-2014-0224)
===
An attacker using a carefully crafted handshake can force the use of weak
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [05 Jun 2014]
Resend: first version contained characters which could cause signature failure.
SSL/TLS MITM vulnerability (CVE-2014-0224
On Thu, Jun 05, 2014, OpenSSL wrote:
OpenSSL Security Advisory [05 Jun 2014]
Resend: first version contained characters which could cause signature
failure.
Oops, something else to add to the list of things to double check before
making
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
==
A missing bounds check in the handling of the TLS heartbeat extension can
be appreciated.
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL open...@openssl.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [07 Apr 2014]
TLS heartbeat read overrun (CVE-2014-0160)
==
A missing bounds check in the handling of the TLS heartbeat extension can
On Thu, Feb 07, 2013, Kurt Roeckx wrote:
That would mean the following aren't in the 1.0.0 branch:
commit b908e88ec15aa0a74805e3f2236fc4f83f2789c2
Author: Dr. Stephen Henson st...@openssl.org
Date: Tue Jan 29 14:44:36 2013 +
Timing fix mitigation for FIPS mode.
We have to
On Tue, Feb 05, 2013 at 03:18:28PM +0100, OpenSSL wrote:
OpenSSL Security Advisory [05 Feb 2013]
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
Nadhem Alfardan and Kenny
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [05 Feb 2013]
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
Nadhem Alfardan and Kenny Paterson have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [10 May 2012]
===
Invalid TLS/DTLS record attack (CVE-2012-2333)
===
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012
-...@master.openssl.org;
openssl-us...@master.openssl.org
Subject: OpenSSL Security Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Apr 2012]
===
ASN1 BIO vulnerability (CVE-2012-2110
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [19 Apr 2012]
===
ASN1 BIO vulnerability (CVE-2012-2110)
===
A potentially exploitable vulnerability has been discovered in the OpenSSL
function
The detailed analysis for CVE-2012-2110 implies issues with truncation,
specifically int vs long vs size_t. Is the problem limited to platforms where
these are different sizes? The analysis says not limited to I32LP64, but does
not rule out any platforms where it is not an issue. Can it
On Thu, Apr 19, 2012, Erik Tkal wrote:
The detailed analysis for CVE-2012-2110 implies issues with truncation,
specifically int vs long vs size_t. Is the problem limited to platforms
where these are different sizes? The analysis says not limited to I32LP64,
but does not rule out any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [12 Mar 2012]
===
CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)
A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [18 Jan 2011]
===
DTLS DoS attack (CVE-2012-0050)
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS
On Wed, 4 Jan 2012 21:04:06 +0100 (CET) OpenSSL wrote:
SGC Restart DoS Attack (CVE-2011-4619)
==
Support for handshake restarts for server gated cryptography (SGC) can
be used in a denial-of-service attack.
This issue seems to fall into the same category
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [04 Jan 2012]
===
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
==
Nadhem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 September 2011]
Two security flaws have been fixed in OpenSSL 1.0.0e
CRL verification vulnerability in OpenSSL
=
Under certain circumstances OpenSSL's internal certificate
I will be on vacation from Sep/05/2011 thru Sep/16/2011 (back in the office on
Sep 19).
Have a great day !
Huie-Ying
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Tue, Sep 06, 2011 at 03:40:30PM +0200, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [6 September 2011]
Two security flaws have been fixed in OpenSSL 1.0.0e
CRL verification vulnerability in OpenSSL
Bodo, some comments inline...
On Tuesday 08 Feb 2011 18:09:46 Bodo Moeller wrote:
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
snip
Which applications are affected
---
Applications are only affected if they act as a server
Thanks, Rob; I have updated the Security Advisory at
http://www.openssl.org/news/secadv_20110208.txt.
Bodo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
==
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [8 February 2011]
OCSP stapling vulnerability in OpenSSL
==
Incorrectly formatted ClientHello handshake messages could cause OpenSSL
to parse past the end of the message.
This issue
OpenSSL wrote:
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded
On Mon, Dec 06, 2010, Jean-Marc Desperrier wrote:
OpenSSL wrote:
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored session cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [2 December 2010]
OpenSSL Ciphersuite Downgrade Attack
=
A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [16 November 2010]
TLS extension parsing race condition.
=
A flaw has been found in the OpenSSL TLS server extension code parsing which
on affected servers can be exploited in a buffer
On Thu, Mar 25, 2010 at 5:16 PM, Claus Assmann ca+ssl-...@esmtp.org wrote:
So far I haven't been able to determine which change caused the
problem, so I'm still looking at various diff's, but I'm not
familiar with the source code to (easily) spot the problem.
I imagine the reason that the
Bodo Moeller wrote:
it's code elsewhere that no longer tolerates the coarse logic we are
changing in the patch, which has been around forever.
In fact, I already suspected that, thanks for the confirmation.
OpenSSL wrote:
Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m
How come the vulnerability doesn't touch 0.9.8e though the patched file
wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between 0.9.8d and 0.9.8e, see this patch :
On Mar 25, 2010, at 6:33 PM, Jean-Marc Desperrier wrote:
OpenSSL wrote:
Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m
How come the vulnerability doesn't touch 0.9.8e though the patched
file wasn't modified between 0.9.8e and 0.9.8f ?
But that code was modified between
-
From: owner-openssl-...@openssl.org
[mailto:owner-openssl-...@openssl.org] On Behalf Of Bodo Moeller
Sent: Thursday, March 25, 2010 11:40 AM
To: openssl-dev@openssl.org
Subject: Re: OpenSSL Security Advisory
On Mar 25, 2010, at 6:33 PM, Jean-Marc Desperrier wrote:
OpenSSL wrote:
Record
On Thu, Mar 25, 2010, Bodo Moeller wrote:
Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m
No, it's not a mistake -- it's code elsewhere that no longer
tolerates the coarse logic we are changing in the patch, which has
been around forever.
Could you please elaborate?
I'm
On Thu, Mar 25, 2010, Paul Suhler wrote:
Am I reading the changes file correctly: if you don't use Kerberos,
then this vulnerability doesn't apply?
There are two separate issues.
CVE-2010-0740 applies to 0.9.8m SSL/TLS and has nothing to do with Kerberos.
That is why we made the special
-07 11:07:52.0 +0200
@@ -1124,7 +1124,7 @@
/* Verify CRL issuer */
ret = X509_verify_cert(crl_ctx);
- if (!ret)
+ if (ret = 0) /* OpenSSL Security Advisory [07-Jan-2009] */
goto err;
/* Check chain is acceptable */
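Review bot: the added line `if (ret = 0)` after `ret = X509_verify_cert(crl_ctx);` is an assignment, not a comparison, so as printed the condition is always false and `goto err` is never reached, which is weaker than the `if (!ret)` it replaces. X509_verify_cert can return a negative value on error as well as 0 on a failed verification, so the check should read `if (ret <= 0)`; confirm against the original patch that the `<` was not lost in this copy.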
One way to exploit this flaw would be for a remote attacker who is in
control of a malicious server or who can use a 'man in the middle'
attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation.
In my opinion, this statement is not
;
/* Verify CRL issuer */
ret = X509_verify_cert(crl_ctx);
- if (!ret)
+ if (ret = 0) /* OpenSSL Security Advisory [07-Jan-2009] */
goto err;
/* Check chain is acceptable */
ret = check_crl_chain(ctx, ctx-chain, crl_ctx.chain);
err
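Review bot: the context line `ret = check_crl_chain(ctx, ctx-chain, crl_ctx.chain);` reads as a subtraction rather than the member access `ctx->chain`, so this copy of the hunk has lost characters and will not match the source file when applied. Take the patch from its original source rather than from this text, and have the comment on the `+` line state why non-positive return values are rejected instead of only citing the advisory date.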
--- On Wed, 1/7/09, Dr. Stephen Henson st...@openssl.org wrote:
Incorrect checks for malformed signatures
- ---
It is not perfectly clear to me if regular certificate validations and smime
signature validation are also affected by this. Could you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
- ---
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing
MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
- ---
Does the release of 0.9.8j also include the FIPS module support?
(i.e., is this a bug-fix only release, or does this include what you
have been working on for the past few months as well?)
The actual 0.9.8j release announcement stated:
This is the first full release of OpenSSL that can link
Dear Sirs,
I have read your OpenSSL Security Advisory (30 July 2002), where there is
the recommendation to upgrade to OpenSSL 0.9.6e for those using 0.9.6d and
earlier.
We are using OpenSSL version 0.9.6a-9 and OpenSSH version 2.9p1-7. The OS is
SuSE - Linux 7.2 (i386)
You recommend also