Updates CHANGES and NEWS for new release

Reviewed-by: N Richard Levitte <levitte@openssl.org>

Updates CHANGES and NEWS for new release
Reviewed-by: N Richard Levitte <levitte@openssl.org>
3133c2d3 · Matt Caswell · 44f206aa · 3133c2d3 · 3133c2d3
隐藏空白更改
内联并排

Showing with 21 addition and 0 deletion

CHANGES CHANGES +17 -0

NEWS NEWS +4 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,23 @@
     https://www.akkadia.org/drepper/SHA-crypt.txt
     [Richard Levitte]

+ Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
+
+  *) Fix Use After Free for large message sizes
+
+     The patch applied to address CVE-2016-6307 resulted in an issue where if a
+     message larger than approx 16k is received then the underlying buffer to
+     store the incoming message is reallocated and moved. Unfortunately a
+     dangling pointer to the old location is left which results in an attempt to
+     write to the previously freed location. This is likely to result in a
+     crash, however it could potentially lead to execution of arbitrary code.
+
+     This issue only affects OpenSSL 1.1.0a.
+
+     This issue was reported to OpenSSL by Robert Święcki.
+     (CVE-2016-6309)
+     [Matt Caswell]
+
 Changes between 1.1.0 and 1.1.0a [22 Sep 2016]

  *) OCSP Status Request extension unbounded memory growth

--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@

      o

+  Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
  Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]

      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)