news
News
- YuOpenSSL-3.3 v1.0.1
- Update to OpenSSL 3.3.2.
- Fixed possible denial of service in X.509 name checks (CVE-2024-6119).
- Fixed possible buffer overread in
SSL_select_next_proto(CVE-2024-5535).
- YuOpenSSL-3.0 v1.3.4
- Update to OpenSSL 3.0.15.
- Fixed possible denial of service in X.509 name checks (CVE-2024-6119).
- Fixed possible buffer overread in
SSL_select_next_proto(CVE-2024-5535).
- YuOpenSSL-3.3 v1.0.0
- First release of YuOpenSSL-3.3 based on OpenSSL 3.3.1.
- YuXMLSec v1.0.3
- Update to XMLSec 1.2.37.
- Migration to OpenSSL 3.0 APIs. Needs YuOpenSSL-3.0 v1.2.6 or later.
- Several smaller fixes.
- YuOpenSSL-3.0 v1.2.6
- Add APIs for YuXmlSec v1.0.3.
- YuOpenSSL-3.0 v1.2.5
- Update to OpenSSL 3.0.7 (OpenSSL 3.0.6 was withdrawn by the OpenSSL developers).
- Fixed two high vulnerability buffer overflows in punycode decoding functions, CVE-2022-3786 and CVE-2022-3602.
- Added RIPEMD160 to the default provider.
- Other minor bug fixes.
- YuOpenSSL-3.0 v1.2.3
- Update to OpenSSL 3.0.5.
- Fix
BN_gcd()to check return value when callingBN_one(). - Add a check for the return of
i2s_ASN1_INTEGER(). - Fix
X509v3_addr_add_range(),X509v3_addr_canonize(), andX509v3_addr_is_canonical()to return the correct result. - Fix memory leak in
EC_GROUP_new_from_ecparameters(). - Add and improve various checks.
- YuOpenSSL-3.0 v1.2.3
- Update to OpenSSL 3.0.4.
- Minor bug fixes.
- Add some constants and functions, mainly related to
EVP_KEYEXCH…andX509v3_addr….
- YuOpenSSL-3.0 v1.2.2
- Fix OpenSSL version reported by
OpenSSL_version…()functions and constants likeOPENSSL_FULL_VERSION_STR.
- YuOpenSSL-3.0 v1.2.1
- Update to OpenSSL 3.0.3.
- Fixed a bug in the
OCSP_basic_verify()function that verifies the signer certificate on an OCSP response. - Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key.
- Fix a bug in the
OPENSSL_LH_flush()function that breaks reuse of the memory occuppied by the removed hash table entries.
- YuOpenSSL-3.0 v1.2.0
- Update to OpenSSL 3.0.2.
- Fixed a bug in the
BN_mod_sqrt()function that can cause it to loop forever for non-prime moduli (CVE-2022-0778). - Add ciphersuites based on DHE_PSK and ECDHE_PSK to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
- Fixed
PEM_write_bio_PKCS8PrivateKey()to make it possible to use empty passphrase strings.
- Add OCSP API functions for Internet Component Suite (ICS).
- YuOpenSSL-3.0 v1.3.2
- Update to OpenSSL 3.0.14.
- Fixed potential use after free after
SSL_free_buffers()is called (CVE-2024-4741). - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603).
- Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511).
- YuOpenSSL-3.0 v1.3.1
- Update to OpenSSL 3.0.13.
- Fixed PKCS12 Decoding crashes (CVE-2024-0727).
- Fixed Excessive time spent checking invalid RSA public keys (CVE-2023-6237).
- Fix excessive time spent in DH check / generation with large Q parameter value (CVE-2023-5678).
- YuOpenSSL-3.0 v1.2.13
- Update to OpenSSL 3.0.12.
- Fix CVE-2023-5363: Mitigate incorrect resize handling for symmetric cipher keys and IVs.
- YuOpenSSL-3.0 v1.2.12
- Update to OpenSSL 3.0.11.
- YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.
- YuOpenSSL-3.0 v1.2.9
- Fix CVE-2023-2975: AES-SIV implementation ignores empty associated data entries.
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.
- YuOpenSSL-3.0 v1.2.11
- Update to OpenSSL 3.0.10.
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.
- YuOpenSSL-3.0 v1.2.8
- Add APIs for YuXMLSec v1.1.0.
- Cherry pick low severity CVE fixes.
- YuOpenSSL-3.0 v1.2.7
- Update to OpenSSL 3.0.8.
- Security fixes.
news.txt · Last modified: 2016/03/03 12:49 by 127.0.0.1