diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2016-05-03 18:00:27 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2016-05-03 18:00:27 +0000 |
| commit | 57f1256b1a087adbdf8e5c080dd9ed7975de939a (patch) | |
| tree | 2dd85c58056a364765d9ae59d6a1774d41f88523 /NEWS | |
| parent | 9aeed18ad799c20d3accf6e1535817538dc983f6 (diff) | |
| download | src-57f1256b1a087adbdf8e5c080dd9ed7975de939a.tar.gz src-57f1256b1a087adbdf8e5c080dd9ed7975de939a.zip | |
Import OpenSSL 1.0.2h.vendor/openssl/1.0.2h
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=298991
svn path=/vendor-crypto/openssl/1.0.2h/; revision=298992; tag=vendor/openssl/1.0.2h
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] + + o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) + o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) + o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) + o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) + o EBCDIC overread (CVE-2016-2176) + o Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + o Remove LOW from the DEFAULT cipher list. This removes singles DES from + the default. + o Only remove the SSLv2 methods with the no-ssl2-method option. + Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. |