diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-16 09:51:56 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-16 10:10:05 +0000 |
commit | d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef (patch) | |
tree | ec996d7631b116a6425dc84c4ea1785c669ce55b | |
parent | 2c55b28a34624c18e3d05dfd7acb78895e3a64e6 (diff) | |
download | openssl-d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef.tar.gz |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | CHANGES | 15 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 19 insertions, 2 deletions
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] + Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] *) Add support for SipHash [Todd Short] @@ -24,6 +24,19 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.1 [under development] + Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.1 [under development] o + Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] + + o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) |