Skip to content

Commit

Permalink
Update CHANGES.md and NEWS.md for the upcoming release
Browse files Browse the repository at this point in the history
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tom Cosgrove <[email protected]>
(Merged from openssl#24549)

(cherry picked from commit 6152b08)
  • Loading branch information
t8m committed Jun 4, 2024
1 parent 0285160 commit ae20c42
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 1 deletion.
25 changes: 25 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,29 @@ OpenSSL 3.3

### Changes between 3.3.0 and 3.3.1 [xx XXX xxxx]

* Fixed potential use after free after SSL_free_buffers() is called.

The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.

The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.

The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.

([CVE-2024-4741])

*Matt Caswell*

* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.

Expand Down Expand Up @@ -20702,6 +20725,8 @@ ndif

<!-- Links -->

[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
Expand Down
20 changes: 19 additions & 1 deletion NEWS.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,21 @@ This release is in development.
OpenSSL 3.3
-----------

### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development]
### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [under development]

OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this
release is Low.

This release incorporates the following bug fixes and mitigations:

* Fixed potential use after free after SSL_free_buffers() is called
([CVE-2024-4741])

* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow
([CVE-2024-4603])

### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024]

OpenSSL 3.3.0 is a feature release adding significant new functionality to
OpenSSL.
Expand Down Expand Up @@ -171,8 +185,10 @@ This release incorporates the following bug fixes and mitigations:

* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])

* Fixed excessive time spent checking invalid RSA public keys
([CVE-2023-6237])

* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
Expand Down Expand Up @@ -1725,6 +1741,8 @@ OpenSSL 0.9.x

<!-- Links -->

[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
Expand Down

0 comments on commit ae20c42

Please sign in to comment.