[web] master update

Matt Caswell matt at openssl.org
Tue Apr 21 13:07:38 UTC 2020


The branch master has been updated
       via  7432cc2319a591467575763dcbd5a1c968bf595e (commit)
      from  0ad7d3cbd190744b43db3517d8470b3bc5a09b20 (commit)


- Log -----------------------------------------------------------------
commit 7432cc2319a591467575763dcbd5a1c968bf595e
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Apr 21 12:08:12 2020 +0100

    Updates for 1.1.1g release
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |  1 +
 news/secadv/20200421.txt | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 news/vulnerabilities.xml | 25 ++++++++++++++++++++++++-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20200421.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 6e96930..23da77d 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+21-Apr-2020: OpenSSL 1.1.1g is now available, including a security fix
 31-Mar-2020: OpenSSL 1.1.1f is now available, including bug fixes
 17-Mar-2020: OpenSSL 1.1.1e is now available, including bug and security fixes
 17-Feb-2020: New Blog post: <a href="https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/">QUIC and OpenSSL</a>
diff --git a/news/secadv/20200421.txt b/news/secadv/20200421.txt
new file mode 100644
index 0000000..fe46b3f
--- /dev/null
+++ b/news/secadv/20200421.txt
@@ -0,0 +1,48 @@
+OpenSSL Security Advisory [21 April 2020]
+=========================================
+
+Segmentation fault in SSL_check_chain (CVE-2020-1967)
+=====================================================
+
+Severity: High
+
+Server or client applications that call the SSL_check_chain() function during or
+after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
+result of incorrect handling of the "signature_algorithms_cert" TLS extension.
+The crash occurs if an invalid or unrecognised signature algorithm is received
+from the peer. This could be exploited by a malicious peer in a Denial of
+Service attack.
+
+OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue.  This
+issue did not affect OpenSSL versions prior to 1.1.1d.
+
+Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g
+
+This issue was found by Bernd Edlinger and reported to OpenSSL on 7th April
+2020. It was found using the new static analysis pass being implemented in GCC,
+-fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin
+Kaduk.
+
+Note
+=====
+
+This issue did not affect OpenSSL 1.0.2 however these versions are out of
+support and no longer receiving public updates. Extended support is available
+for premium support customers: https://www.openssl.org/support/contracts.html
+
+This issue did not affect OpenSSL 1.1.0 however these versions are out of
+support and no longer receiving updates.
+
+Users of these versions should upgrade to OpenSSL 1.1.1.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv/20200421.txt
+
+Note: the online version of the advisory may be updated with additional details
+over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/policies/secpolicy.html
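Review bot: subject/verb agreement in the affected-versions sentence: "OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected" should read "OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected" (the same sentence is copied into news/vulnerabilities.xml, so fix both). Two smaller points in the same hunk: "Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g" is missing its terminating period, and the "Note" underline is one "=" longer than the heading. It would also help operators triaging this advisory to state explicitly what the first sentence only implies, namely that applications which never call SSL_check_chain() are not affected, and to point at the fix commit (eb563247aef3e83dda7679c43f9649270462e5b1, which is recorded in vulnerabilities.xml but not here) for anyone who needs to backport.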
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 08897ed..697c3c9 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -7,7 +7,30 @@
 
 <!-- The updated attribute should be the same as the first public issue,
      unless an old entry was updated. -->
-<security updated="20191206">
+<security updated="20200421">
+  <issue public="20200421">
+    <impact severity="High"/>
+    <cve name="2020-1967"/>
+    <affects base="1.1.1" version="1.1.1d"/>
+    <affects base="1.1.1" version="1.1.1e"/>
+    <affects base="1.1.1" version="1.1.1f"/>
+    <fixed base="1.1.1" version="1.1.1g" date="20200421">
+      <git hash="eb563247aef3e83dda7679c43f9649270462e5b1"/>
+    </fixed>
+    <problemtype>NULL pointer dereference</problemtype>
+    <title>Segmentation fault in SSL_check_chain</title>
+    <description>
+      Server or client applications that call the SSL_check_chain() function during or
+      after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
+      result of incorrect handling of the "signature_algorithms_cert" TLS extension.
+      The crash occurs if an invalid or unrecognised signature algorithm is received
+      from the peer. This could be exploited by a malicious peer in a Denial of
+      Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue.  This
+      issue did not affect OpenSSL versions prior to 1.1.1d.
+    </description>
+    <advisory url="/news/secadv/20200421.txt"/>
+    <reported source="Bernd Edlinger"/>
+  </issue>
   <issue public="20191206">
     <impact severity="Low"/>
     <cve name="2019-1551"/>
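Review bot: the <description> element duplicates the advisory text verbatim, including the "OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected" agreement error and the double space before "This" on the line that starts "Service attack."; that line also runs well past the wrap width used by the rest of the element because two sentences were joined onto it. The affected and fixed versions are already encoded by the <affects> and <fixed> elements, so the last two sentences of the description could be dropped, and "version" should become "versions" if they stay. Also check that the <reported> source matches the advisory, which credits Bernd Edlinger as the reporter and Matt Caswell and Benjamin Kaduk for additional analysis; the XML records only the reporter, which is consistent, but worth a second look since the two files are meant to stay in sync.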

