[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Aug 14 09:57:09 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  825dbd019c7eca898457f64d377074d7f0d43ada (commit)
      from  cc08075f66cd84949524444321bb59566f22dce0 (commit)

- Log -----------------------------------------------------------------
commit 825dbd019c7eca898457f64d377074d7f0d43ada
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Aug 14 10:39:19 2018 +0100

    Updates to CHANGES and NEWS for the new release
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6950)


Summary of changes:
 CHANGES | 24 ++++++++++++++++++++++++
 NEWS    |  3 ++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 13cc641..faf5a3c 100644
@@ -9,6 +9,30 @@
  Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
+  *) Client DoS due to large DH parameter
+     During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+     malicious server can send a very large prime value to the client. This will
+     cause the client to spend an unreasonably long period of time generating a
+     key for this prime resulting in a hang until the client has finished. This
+     could be exploited in a Denial Of Service attack.
+     This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+     (CVE-2018-0732)
+     [Guido Vranken]
+  *) Cache timing vulnerability in RSA Key Generation
+     The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+     a cache timing side channel attack. An attacker with sufficient access to
+     mount cache timing attacks during the RSA key generation process could
+     recover the private key.
+     This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+     Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+     (CVE-2018-0737)
+     [Billy Brumley]
   *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
      parameter is no longer accepted, as it leads to a corrupt table.  NULL
      pem_str is reserved for alias entries only.
diff --git a/NEWS b/NEWS
index 22ccd9e..9f6e3cf 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,8 @@
   Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
-      o
+      o Client DoS due to large DH parameter (CVE-2018-0732)
+      o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
   Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]

More information about the openssl-commits mailing list