TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 36abef4c5c0a9466085719ec1a102198374fa657^! / . / ChangeLog
commit36abef4c5c0a9466085719ec1a102198374fa657[log] [tgz]
authorSimon Butcher <simon.butcher@arm.com>Mon Oct 05 16:44:59 2015 +0100
committerSimon Butcher <simon.butcher@arm.com>Mon Oct 05 16:44:59 2015 +0100
treef1280a46d66306d46493af3769b712d3cc3a66ee
parentf3e6e4badb35760c9a543ee69b7449cb0cd9784b [diff] [blame]
parentfa647a75a127048e72c0bd1256e8f74a8689a912 [diff] [blame]
Merge multiple backported vulnerability fixes

diff --git a/ChangeLog b/ChangeLog
index ddba5c0..d8d6798 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,14 +3,37 @@
 = mbed TLS 1.3.14 released 2015-10-xx
 
 Security
-   * Added fix for CVE-2015-xxxxx to prevent heap corruption due to buffer
-     overflow of the hostname or session ticket. (Found by Guido Vranken)
+   * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
+     overflow of the hostname or session ticket. Found by Guido Vranken,
+     Intelworks.
+   * Fix stack buffer overflow in pkcs12 decryption (used by
+     mbedtls_pk_parse_key(file)() when the password is > 129 bytes. Found by
+     Guido Vranken, Intelworks. Not triggerable remotely.
+   * Fix potential buffer overflow in mbedtls_mpi_read_string().
+     Found by Guido Vranken, Intelworks. Not exploitable remotely in the context
+     of TLS, but might be in other uses. On 32 bit machines, requires reading a
+     string of close to or larger than 1GB to exploit; on 64 bit machines, would
+     require reading a string of close to or larger than 2^62 bytes.
+   * Fix potential random memory allocation in mbedtls_pem_read_buffer()
+     on crafted PEM input data. Found and fix provided by Guido Vranken,
+     Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
+     accept PEM data from an untrusted source.
+   * Fix potential double-free if ssl_set_psk() is called repeatedly on
+     the same ssl_context object and some memory allocations fail. Found by
+     Guido Vranken, Intelworks. Can not be forced remotely.
+   * Fix possible heap buffer overflow in base64_encode() when the input
+     buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
+     Intelworks. Found by Guido Vranken. Not trigerrable remotely in TLS.
+   * Fix potential heap buffer overflow in servers that perform client
+     authentication against a crafted CA cert. Cannot be triggered remotely
+     unless you allow third parties to pick trust CAs for client auth. Found by
+     Guido Vranken, Intelworks.
 
 Changes
    * Added checking of hostname length in ssl_set_hostname() to ensure domain
      names are compliant with RFC 1035.
 
-= mbed TLS 1.3.13 reladsed 2015-09-17
+= mbed TLS 1.3.13 released 2015-09-17
 
 Security
    * Fix possible client-side NULL pointer dereference (read) when the client