Update CHANGES.md and NEWS.md for the upcoming release
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24549)
This commit is contained in:
Tomas Mraz
parent
f7833b0a16
commit
6152b08631
2 changed files with 40 additions and 1 deletions
25
CHANGES.md
25
CHANGES.md
|
|
@ -28,6 +28,29 @@ OpenSSL 3.3
|
|||
|
||||
### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx]
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called.
|
||||
|
||||
The SSL_free_buffers function is used to free the internal OpenSSL
|
||||
buffer used when processing an incoming record from the network.
|
||||
The call is only expected to succeed if the buffer is not currently
|
||||
in use. However, two scenarios have been identified where the buffer
|
||||
is freed even when still in use.
|
||||
|
||||
The first scenario occurs where a record header has been received
|
||||
from the network and processed by OpenSSL, but the full record body
|
||||
has not yet arrived. In this case calling SSL_free_buffers will succeed
|
||||
even though a record has only been partially processed and the buffer
|
||||
is still in use.
|
||||
|
||||
The second scenario occurs where a full record containing application
|
||||
data has been received and processed by OpenSSL but the application has
|
||||
only read part of this data. Again a call to SSL_free_buffers will
|
||||
succeed even though the buffer is still in use.
|
||||
|
||||
([CVE-2024-4741])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fixed an issue where checking excessively long DSA keys or parameters may
|
||||
be very slow.
|
||||
|
||||
|
|
@ -20630,6 +20653,8 @@ ndif
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
|
|
|
|||
16
NEWS.md
16
NEWS.md
|
|
@ -23,7 +23,17 @@ OpenSSL 3.3
|
|||
|
||||
### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [under development]
|
||||
|
||||
* none
|
||||
OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this
|
||||
release is Low.
|
||||
|
||||
This release incorporates the following bug fixes and mitigations:
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called
|
||||
([CVE-2024-4741])
|
||||
|
||||
* Fixed an issue where checking excessively long DSA keys or parameters may
|
||||
be very slow
|
||||
([CVE-2024-4603])
|
||||
|
||||
### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024]
|
||||
|
||||
|
|
@ -163,8 +173,10 @@ This release incorporates the following bug fixes and mitigations:
|
|||
|
||||
* Fixed PKCS12 Decoding crashes
|
||||
([CVE-2024-0727])
|
||||
|
||||
* Fixed excessive time spent checking invalid RSA public keys
|
||||
([CVE-2023-6237])
|
||||
|
||||
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
|
||||
CPUs which support PowerISA 2.07
|
||||
([CVE-2023-6129])
|
||||
|
|
@ -1717,6 +1729,8 @@ OpenSSL 0.9.x
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue