[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Aug 14 09:57:57 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 0698c33a7b18a52a41de6800d1d2839fea540af5 (commit)
from 7d4c97add12cfa5d4589880b09d6139c3203e2f4 (commit)
- Log -----------------------------------------------------------------
commit 0698c33a7b18a52a41de6800d1d2839fea540af5
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 14 10:39:19 2018 +0100
Updates to CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6951)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 24 ++++++++++++++++++++++++
NEWS | 3 ++-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 4f24046..b25db02 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,30 @@
Changes between 1.0.2o and 1.0.2p [xx XXX xxxx]
+ *) Client DoS due to large DH parameter
+
+ During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+ malicious server can send a very large prime value to the client. This will
+ cause the client to spend an unreasonably long period of time generating a
+ key for this prime resulting in a hang until the client has finished. This
+ could be exploited in a Denial Of Service attack.
+
+ This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+ (CVE-2018-0732)
+ [Guido Vranken]
+
+ *) Cache timing vulnerability in RSA Key Generation
+
+ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+ a cache timing side channel attack. An attacker with sufficient access to
+ mount cache timing attacks during the RSA key generation process could
+ recover the private key.
+
+ This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+ Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+ (CVE-2018-0737)
+ [Billy Brumley]
+
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
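Review bot: In the CVE-2018-0732 entry, the text describes the attack (a malicious server sends a very large prime and the client hangs while generating a key) but never says what changed in 1.0.2p, so a reader of CHANGES cannot tell how the client now treats an oversized prime. Add one sentence stating the new client behaviour. The CVE-2018-0737 entry has the same gap: it says key generation "has been shown to be vulnerable" without saying that this release addresses it, or how. Minor style points: the first entry's report line has no full stop before "(CVE-2018-0732)" while the second has one before "(CVE-2018-0737)", "Denial Of Service" is capitalised inconsistently with the rest of the file's prose, and the section header still carries the placeholder date "[xx XXX xxxx]".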
diff --git a/NEWS b/NEWS
index 0fb4724..7cf369a 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,8 @@
Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [under development]
- o
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
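Review bot: Both added NEWS bullets name the vulnerability rather than the change, so under a "Major changes" heading the line "o Client DoS due to large DH parameter (CVE-2018-0732)" can be read as something the release introduces. Wording each bullet as a fix (for example, prefixing "Fixed") would make the direction of the change unambiguous for readers who only skim NEWS. The heading above the bullets also still reads "[under development]", which does not match a commit described as updating NEWS for the new release; confirm the date is filled in before tagging.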