[openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Sep 10 09:55:31 UTC 2019 

The branch OpenSSL_1_0_2-stable has been updated
       via  8bf7d77f33263c81b8e293347edc9a6e43f24d0e (commit)
      from  66fd724daa89996bb775ab8911479c11143b44df (commit)


- Log -----------------------------------------------------------------
commit 8bf7d77f33263c81b8e293347edc9a6e43f24d0e
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Sep 10 10:26:07 2019 +0100

    Update CHANGES and NEWS for the new release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9843)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES | 12 ++++++++++++
 NEWS    |  9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index e9b467bd04..eff1121106 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,18 @@
 
  Changes between 1.0.2s and 1.0.2t [xx XXX xxxx]
 
+  *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations
+     where an attacker receives automated notification of the success or failure
+     of a decryption attempt an attacker, after sending a very large number of
+     messages to be decrypted, can recover a CMS/PKCS7 transported encryption
+     key or decrypt any RSA encrypted message that was encrypted with the public
+     RSA key, using a Bleichenbacher padding oracle attack. Applications are not
+     affected if they use a certificate together with the private RSA key to the
+     CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info
+     to decrypt.
+     (CVE-2019-1563)
+     [Bernd Edlinger]
+
    *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
       used even when parsing explicit parameters, when loading a serialized key
       or calling `EC_GROUP_new_from_ecpkparameters()`/
diff --git a/NEWS b/NEWS
index 4bff4ae96a..c8159993e9 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,14 @@
 
   Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development]
 
-      o
+      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Document issue with installation paths in diverse Windows builds
+        (CVE-2019-1552)
 
   Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]

More information about the openssl-commits mailing list