testing/openssl-3
SHA256
3
0
Fork 0
forked from pool/openssl-3
Code Pull Requests Activity
openssl-3/openssl-3.0.7.tar.gz
Pedro Monreal Gonzalez c7c7fd87d3 Accepting request 1032747 from home:ohollmann:branches:security:tls 
- Temporary disable tests test_ssl_new and test_sslapi because they are
  failing in openSUSE_Tumbleweed

- Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786]
  * Fixed two buffer overflows in punycode decoding functions.
    A buffer overrun can be triggered in X.509 certificate verification,
    specifically in name constraint checking. Note that this occurs after
    certificate chain signature verification and requires either a CA to
    have signed the malicious certificate or for the application to continue
    certificate verification despite failure to construct a path to a trusted
    issuer.
    In a TLS client, this can be triggered by connecting to a malicious
    server.  In a TLS server, this can be triggered if the server requests
    client authentication and a malicious client connects.
    An attacker can craft a malicious email address to overflow
    an arbitrary number of bytes containing the `.`  character (decimal 46)
    on the stack.  This buffer overflow could result in a crash (causing a
    denial of service).
    ([CVE-2022-3786])
    An attacker can craft a malicious email address to overflow four
    attacker-controlled bytes on the stack.  This buffer overflow could
    result in a crash (causing a denial of service) or potentially remote code
    execution depending on stack layout for any given platform/compiler.
    ([CVE-2022-3602])
  * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
    parameters in OpenSSL code.
    Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
    OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
    Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
    Using these invalid names may cause algorithms to use slower methods

OBS-URL: https://build.opensuse.org/request/show/1032747
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=47
2022-11-01 20:31:17 +00:00

4 lines
133 B
Plaintext
Raw Blame History

version https://git-lfs.github.com/spec/v1
oid sha256:83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e
size 15107575
View Git Blame Copy Permalink