Skip to content

Commit

Permalink
Update CHANGES.md and NEWS.md for the upcoming release
Browse files Browse the repository at this point in the history 
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tom Cosgrove <[email protected]>
(Merged from openssl#24550)

(cherry picked from commit 3fa9df5)
  • Loading branch information
@t8m
t8m committed Jun 4, 2024
1 parent 0324602 commit e815e0b
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 0 deletions.
25 changes: 25 additions & 0 deletions CHANGES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,29 @@ OpenSSL 3.1

### Changes between 3.1.5 and 3.1.6 [xx XXX xxxx]

* Fixed potential use after free after SSL_free_buffers() is called.

The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.

The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.

The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.

([CVE-2024-4741])

*Matt Caswell*

* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.

Expand Down Expand Up @@ -19991,6 +20014,8 @@ ndif

<!-- Links -->

[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
Expand Down
9 changes: 9 additions & 0 deletions NEWS.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,13 @@ OpenSSL 3.1

### Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [under development]

* Fixed potential use after free after SSL_free_buffers() is called
([CVE-2024-4741])

* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow
([CVE-2024-4603])

* Fixed unbounded memory growth with session handling in TLSv1.3
([CVE-2024-2511])

Expand Down Expand Up @@ -1491,6 +1498,8 @@ OpenSSL 0.9.x

<!-- Links -->

[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
Expand Down

0 comments on commit e815e0b

Please sign in to comment.