root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Update CHANGES.md and NEWS.md for the upcoming release 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24550)

(cherry picked from commit 3fa9df5f1d)
This commit is contained in:
Tomas Mraz 2024-06-03 16:52:29 +02:00
parent 0324602e8a
commit e815e0bd40
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CHANGES.md
View File

@ -24,6 +24,29 @@ OpenSSL 3.1
### Changes between 3.1.5 and 3.1.6 [xx XXX xxxx]
* Fixed potential use after free after SSL_free_buffers() is called.
The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.
The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.
The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.
([CVE-2024-4741])
*Matt Caswell*
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.
@ -19991,6 +20014,8 @@ ndif
<!-- Links -->
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237

9
NEWS.md
View File

@ -21,6 +21,13 @@ OpenSSL 3.1
### Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [under development]
* Fixed potential use after free after SSL_free_buffers() is called
([CVE-2024-4741])
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow
([CVE-2024-4603])
* Fixed unbounded memory growth with session handling in TLSv1.3
([CVE-2024-2511])
@ -1491,6 +1498,8 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237