Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2017-01-24 16:34:40 +0000
committer: Matt Caswell <matt@openssl.org> 2017-01-26 11:02:44 +0000
commit: 06f87e9685bb2faa033f682aa66b70059e398f71 (patch)
tree: 3544a2f42896dcc5b9dcc2235bba0b3fbbc75f77
parent: 918d8eadb35746456fd1a9d4e219c63ff706173e (diff)
download: openssl-new-06f87e9685bb2faa033f682aa66b70059e398f71.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 15c927720c..17a84726b8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,36 @@
 
  Changes between 1.0.2j and 1.0.2k [xx XXX xxxx]
 
+  *) Truncated packet could crash via OOB read
+
+     If one side of an SSL/TLS path is running on a 32-bit host and a specific
+     cipher is being used, then a truncated packet can cause that host to
+     perform an out-of-bounds read, usually resulting in a crash.
+
+     This issue was reported to OpenSSL by Robert Święcki of Google.
+     (CVE-2017-3731)
+     [Andy Polyakov]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+     similar to CVE-2015-3193 but must be treated as a separate problem.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3732)
+     [Andy Polyakov]
+
   *) Montgomery multiplication may produce incorrect results
 
      There is a carry propagating bug in the Broadwell-specific Montgomery
diff --git a/NEWS b/NEWS
index efd2dbf0bd..23db08e481 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@
 
   Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
 
+      o Truncated packet could crash via OOB read (CVE-2017-3731)
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
       o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
 
   Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
author	Matt Caswell <matt@openssl.org>	2017-01-24 16:34:40 +0000
committer	Matt Caswell <matt@openssl.org>	2017-01-26 11:02:44 +0000
commit	06f87e9685bb2faa033f682aa66b70059e398f71 (patch)
tree	3544a2f42896dcc5b9dcc2235bba0b3fbbc75f77
parent	918d8eadb35746456fd1a9d4e219c63ff706173e (diff)
download	openssl-new-06f87e9685bb2faa033f682aa66b70059e398f71.tar.gz