diff options
| author | Viktor Dukhovni <viktor@openssl.org> | 2024-07-10 11:50:57 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-09-03 21:04:03 +0200 |
| commit | ca979e854b2ac847c3abdf10a6c61b569611b6ae (patch) | |
| tree | eaa3704f4bbc5a0ca4838b98642fa7764a656d0f /CHANGES.md | |
| parent | Avoid type errors in EAI-related name check logic. (diff) | |
| download | openssl-ca979e854b2ac847c3abdf10a6c61b569611b6ae.tar.xz openssl-ca979e854b2ac847c3abdf10a6c61b569611b6ae.zip | |
Updated CHANGES and NEWS for CVE-2024-6119 fix
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit cf384d35aa7142cc3b5de19f64d3972e77d3ff74)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index db01de1b35..da1a4ba63b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -197,7 +197,21 @@ OpenSSL 3.4 OpenSSL 3.3 ----------- -### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx] +### Changes between 3.3.1 and 3.3.2 [xx XXX xxxx] + + * Fixed possible denial of service in X.509 name checks. + + Applications performing certificate name checks (e.g., TLS clients checking + server certificates) may attempt to read an invalid memory address when + comparing the expected name with an `otherName` subject alternative name of + an X.509 certificate. This may result in an exception that terminates the + application program. + + [(CVE-2024-6119)] + + *Viktor Dukhovni* + +### Changes between 3.3.0 and 3.3.1 [4 Jun 2024] * Fixed potential use after free after SSL_free_buffers() is called. @@ -20832,6 +20846,7 @@ ndif <!-- Links --> +[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 |