zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update CHANGES.md and NEWS.md for the upcoming release

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24549)

(cherry picked from commit 6152b08631568551f155f9d8219298f55aef5d94)
This commit is contained in:
Tomas Mraz 2024-06-03 16:46:41 +02:00
parent 0285160ffa
commit ae20c423f9
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CHANGES.md
View File

@ -100,6 +100,29 @@ OpenSSL 3.3
### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx]
* Fixed potential use after free after SSL_free_buffers() is called.
The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.
The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.
The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.
([CVE-2024-4741])
*Matt Caswell*
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.
@ -20702,6 +20725,8 @@ ndif
<!-- Links -->
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237

20
NEWS.md
View File

@ -33,7 +33,21 @@ This release is in development.
OpenSSL 3.3
-----------
### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development]
### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [under development]
OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fixed potential use after free after SSL_free_buffers() is called
([CVE-2024-4741])
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow
([CVE-2024-4603])
### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024]
OpenSSL 3.3.0 is a feature release adding significant new functionality to
OpenSSL.
@ -171,8 +185,10 @@ This release incorporates the following bug fixes and mitigations:
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
@ -1725,6 +1741,8 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237