[openssl-commits] [web] master update

Matt Caswell matt at openssl.org
Mon Sep 26 10:06:58 UTC 2016


The branch master has been updated
       via  6d223568b215ccb0c297a1ea8761f00b2b470473 (commit)
      from  50b169440002898052ea41e9a9393ed41a68e7b2 (commit)


- Log -----------------------------------------------------------------
commit 6d223568b215ccb0c297a1ea8761f00b2b470473
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 26 11:01:35 2016 +0100

    Update website for new release

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  3 +++
 news/secadv/20160926.txt | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 37 ++++++++++++++++++++++++++++-
 3 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20160926.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 6eb393c..e10aef8 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,9 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+26-Sep-2016: <a href="/news/secadv/20160926.txt">Security Advisory</a>: Two security fixes
+26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix
+26-Sep-2016: OpenSSL 1.0.2j is now available, including a security fix
 22-Sep-2016: <a href="/news/secadv/20160922.txt">Security Advisory</a>: several security fixes
 22-Sep-2016: OpenSSL 1.1.0a is now available, including bug and security fixes
 22-Sep-2016: OpenSSL 1.0.2i is now available, including bug and security fixes
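Review bot: The unchanged 22-Sep-2016 entries directly below the three new lines still announce 1.1.0a and 1.0.2i as available with no sign that they are superseded, while the advisory added in this commit says it was published immediately "to prevent upgrades to the affected version". Consider annotating those two entries (for example "superseded by 1.1.0b" and "superseded by 1.0.2j") so that a reader skimming the list does not pick up an affected release. The new release lines also say only "including a security fix"; given that the 1.1.0b fix is rated Critical, stating the severity on that line would help. Minor style point: "Two security fixes" is capitalised where the existing entry uses lowercase "several security fixes".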
diff --git a/news/secadv/20160926.txt b/news/secadv/20160926.txt
new file mode 100644
index 0000000..467a119
--- /dev/null
+++ b/news/secadv/20160926.txt
@@ -0,0 +1,60 @@
+
+OpenSSL Security Advisory [26 Sep 2016]
+========================================
+
+This security update addresses issues that were caused by patches
+included in our previous security update, released on 22nd September
+2016.  Given the Critical severity of one of these flaws we have
+chosen to release this advisory immediately to prevent upgrades to the
+affected version, rather than delaying in order to provide our usual
+public pre-notification.
+
+
+Fix Use After Free for large message sizes (CVE-2016-6309)
+==========================================================
+
+Severity: Critical
+
+This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016.
+
+The patch applied to address CVE-2016-6307 resulted in an issue where if a
+message larger than approx 16k is received then the underlying buffer to store
+the incoming message is reallocated and moved. Unfortunately a dangling pointer
+to the old location is left which results in an attempt to write to the
+previously freed location. This is likely to result in a crash, however it
+could potentially lead to execution of arbitrary code.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0b
+
+This issue was reported to OpenSSL on 23rd September 2016 by Robert
+Święcki (Google Security Team), and was found using honggfuzz. The fix
+was developed by Matt Caswell of the OpenSSL development team.
+
+Missing CRL sanity check (CVE-2016-7052)
+========================================
+
+Severity: Moderate
+
+This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
+
+A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+OpenSSL 1.0.2i users should upgrade to 1.0.2j
+
+The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and
+Thomas Jakobi. The fix was developed by Matt Caswell of the OpenSSL development
+team.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20160926.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
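Review bot: The CVE-2016-6309 section gives the trigger only as "a message larger than approx 16k", with no unit, no statement of which kind of message is meant, and no indication of whether clients, servers or both are exposed. For an issue rated Critical, operators need that to judge exposure, so please state the threshold precisely and name the affected roles, or say explicitly that all uses of 1.1.0a are affected. In the CVE-2016-7052 section, "crash with a null pointer exception" would be more accurately worded as a NULL pointer dereference, and it would help to say that the impact is a crash, since the text does not otherwise spell out the consequence. The CVE-2016-6309 heading ("Fix Use After Free ...") names the fix while the CVE-2016-7052 heading names the flaw; pick one convention. The new file also starts with an empty line before the title.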
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index f9b4a5d..e53c367 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,42 @@
      1.0.0 on 20100329
 -->
 
-<security updated="20160922">
+<security updated="20160926">
+  <issue public="20160926">
+    <impact severity="Critical"/>
+    <cve name="2016-6309"/>
+    <affects base="1.1.0" version="1.1.0a"/>
+    <fixed base="1.1.0" version="1.1.0b" date="20160926"/>
+
+    <description>
+      This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016.
+
+      The patch applied to address CVE-2016-6307 resulted in an issue where if a
+      message larger than approx 16k is received then the underlying buffer to store
+      the incoming message is reallocated and moved. Unfortunately a dangling pointer
+      to the old location is left which results in an attempt to write to the
+      previously freed location. This is likely to result in a crash, however it
+      could potentially lead to execution of arbitrary code.
+    </description>
+    <advisory url="/news/secadv/20160926.txt"/>
+    <reported source="Robert Święcki (Google Security Team)"/>
+  </issue>
+  <issue public="20160926">
+    <impact severity="Moderate"/>
+    <cve name="2016-7052"/>
+    <affects base="1.0.2" version="1.0.2i"/>
+    <fixed base="1.0.2" version="1.0.2j" date="20160926"/>
+
+    <description>
+      This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
+
+      A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+      but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+      CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+    </description>
+    <advisory url="/news/secadv/20160926.txt"/>
+    <reported source="Bruce Stephens and Thomas Jakobi"/>
+  </issue>
   <issue public="20160922">
     <impact severity="High"/>
     <cve name="2016-6304"/>
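Review bot: The reported source attribute on the CVE-2016-6309 issue contains non-ASCII characters ("Święcki"), and this hunk starts at line 5 of the file, so the XML declaration is not visible here. Please confirm the file declares an encoding that covers these characters, or use numeric character references, so that the site build does not mangle the name. Separately, both description elements are verbatim copies of the advisory text, and the advisory itself notes that the online version "may be updated with additional details over time", so the two copies can drift; any wording correction (such as "null pointer exception" or "approx 16k") needs to be made in both places. The advisory also gives the report dates (23rd and 22nd September 2016) and, for CVE-2016-6309, the tool used (honggfuzz), none of which is carried into these entries; if the schema has a place for them, they are worth recording.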

