[openssl-commits] [web] master update
Matt Caswell
matt at openssl.org
Mon Sep 26 10:06:58 UTC 2016
The branch master has been updated
via 6d223568b215ccb0c297a1ea8761f00b2b470473 (commit)
from 50b169440002898052ea41e9a9393ed41a68e7b2 (commit)
- Log -----------------------------------------------------------------
commit 6d223568b215ccb0c297a1ea8761f00b2b470473
Author: Matt Caswell <matt at openssl.org>
Date: Mon Sep 26 11:01:35 2016 +0100
Update website for new release
-----------------------------------------------------------------------
Summary of changes:
news/newsflash.txt | 3 +++
news/secadv/20160926.txt | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
news/vulnerabilities.xml | 37 ++++++++++++++++++++++++++++-
3 files changed, 99 insertions(+), 1 deletion(-)
create mode 100644 news/secadv/20160926.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 6eb393c..e10aef8 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,9 @@
# Format is two fields, colon-separated; the first line is the column
# headings. URL paths must all be absolute.
Date: Item
+26-Sep-2016: <a href="/news/secadv/20160926.txt">Security Advisory</a>: Two security fixes
+26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix
+26-Sep-2016: OpenSSL 1.0.2j is now available, including a security fix
22-Sep-2016: <a href="/news/secadv/20160922.txt">Security Advisory</a>: several security fixes
22-Sep-2016: OpenSSL 1.1.0a is now available, including bug and security fixes
22-Sep-2016: OpenSSL 1.0.2i is now available, including bug and security fixes
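Review bot: the two unchanged 22-Sep-2016 release lines at the bottom of this hunk still announce 1.1.0a and 1.0.2i as available, with no hint that they are superseded. The advisory added in this same commit says it was issued immediately "to prevent upgrades to the affected version". Consider annotating those two entries with a pointer to 1.1.0b and 1.0.2j so that a reader scanning the list does not pick an affected release. The two new release lines could also say which one carries the Critical fix, since "including a security fix" reads identically for both.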
diff --git a/news/secadv/20160926.txt b/news/secadv/20160926.txt
new file mode 100644
index 0000000..467a119
--- /dev/null
+++ b/news/secadv/20160926.txt
@@ -0,0 +1,60 @@
+
+OpenSSL Security Advisory [26 Sep 2016]
+========================================
+
+This security update addresses issues that were caused by patches
+included in our previous security update, released on 22nd September
+2016. Given the Critical severity of one of these flaws we have
+chosen to release this advisory immediately to prevent upgrades to the
+affected version, rather than delaying in order to provide our usual
+public pre-notification.
+
+
+Fix Use After Free for large message sizes (CVE-2016-6309)
+==========================================================
+
+Severity: Critical
+
+This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016.
+
+The patch applied to address CVE-2016-6307 resulted in an issue where if a
+message larger than approx 16k is received then the underlying buffer to store
+the incoming message is reallocated and moved. Unfortunately a dangling pointer
+to the old location is left which results in an attempt to write to the
+previously freed location. This is likely to result in a crash, however it
+could potentially lead to execution of arbitrary code.
+
+OpenSSL 1.1.0 users should upgrade to 1.1.0b
+
+This issue was reported to OpenSSL on 23rd September 2016 by Robert
+Święcki (Google Security Team), and was found using honggfuzz. The fix
+was developed by Matt Caswell of the OpenSSL development team.
+
+Missing CRL sanity check (CVE-2016-7052)
+========================================
+
+Severity: Moderate
+
+This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
+
+A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+OpenSSL 1.0.2i users should upgrade to 1.0.2j
+
+The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and
+Thomas Jakobi. The fix was developed by Matt Caswell of the OpenSSL development
+team.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20160926.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
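Review bot: in the CVE-2016-7052 section, "crash with a null pointer exception" is imprecise for C code. "NULL pointer dereference" is the accurate term and is what people will search for. Two smaller points: the introduction says "the affected version" in the singular although the advisory covers two releases (1.1.0a and 1.0.2i), and the CVE-2016-6309 text does not say which operations receive the "larger than approx 16k" message, so a reader cannot tell from the advisory alone which deployments are exposed. The leading blank line at the top of the new file and the double blank line after the introduction are inconsistent with the single blank line used before the second issue heading.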
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index f9b4a5d..e53c367 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,42 @@
1.0.0 on 20100329
-->
-<security updated="20160922">
+<security updated="20160926">
+ <issue public="20160926">
+ <impact severity="Critical"/>
+ <cve name="2016-6309"/>
+ <affects base="1.1.0" version="1.1.0a"/>
+ <fixed base="1.1.0" version="1.1.0b" date="20160926"/>
+
+ <description>
+ This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016.
+
+ The patch applied to address CVE-2016-6307 resulted in an issue where if a
+ message larger than approx 16k is received then the underlying buffer to store
+ the incoming message is reallocated and moved. Unfortunately a dangling pointer
+ to the old location is left which results in an attempt to write to the
+ previously freed location. This is likely to result in a crash, however it
+ could potentially lead to execution of arbitrary code.
+ </description>
+ <advisory url="/news/secadv/20160926.txt"/>
+ <reported source="Robert Święcki (Google Security Team)"/>
+ </issue>
+ <issue public="20160926">
+ <impact severity="Moderate"/>
+ <cve name="2016-7052"/>
+ <affects base="1.0.2" version="1.0.2i"/>
+ <fixed base="1.0.2" version="1.0.2j" date="20160926"/>
+
+ <description>
+ This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016.
+
+ A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+ but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+ CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+ </description>
+ <advisory url="/news/secadv/20160926.txt"/>
+ <reported source="Bruce Stephens and Thomas Jakobi"/>
+ </issue>
<issue public="20160922">
<impact severity="High"/>
<cve name="2016-6304"/>
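Review bot: the first new issue adds a non-ASCII name in the reported source attribute ("Święcki"), and the XML prolog is outside the context shown here. Please confirm that the file declares UTF-8 (or use character references) so that whatever renders this file does not garble or reject it. Both description elements are also verbatim copies of the advisory text, including the "null pointer exception" wording, while the advisory notes that the online version may be updated over time. Any later correction will need to be made in both places, so a comment to that effect or a shorter summary that defers to the advisory URL would reduce drift.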