sora_hのブックマーク - はてなブックマーク

OpenSSL Security Advisory [8th April 2024]

sora_h 2024/04/09

Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)

リンク

https://www.openssl.org/news/secadv/20240109.txt

sora_h 2024/01/10

リンク

/news/openssl-3.2-notes.html

sora_h 2023/11/24

リンク

https://www.openssl.org/news/secadv/20230719.txt

sora_h 2023/07/19

リンク

https://www.openssl.org/news/secadv/20230207.txt

sora_h 2023/02/08

リンク

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog

Today we published an advisory about CVE-2022-3786 (“X.509 Em ail Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Em ail Address 4-byte Buffer Overflow”). Please read the advisory for specific details about these CVEs and how they might impact you. This blog post will address some common questions that we expect to be asked about these CVEs. Q: The 3.0.7 release was announced as

sora_h 2022/11/02

"Is this a branded vulnerability?" で笑う

リンク

[ OpenSSL 3.0 Series Release Notes ] - /news/openssl-3.0-notes.html

OpenSSL 3.0 Series Release Notes The major changes and known issues for the 3.0 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository. More details can be found in the ChangeLog. Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024] Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) Fixed Excessive time sp

sora_h 2021/09/08

リンク

OpenSSL Security Advisory : CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

sora_h 2021/03/26

リンク

OpenSSL Security Advisory [09 September 2020]

sora_h 2020/09/09

Raccoon Attack (CVE-2020-1968)

リンク

Using TLS1.3 With OpenSSL - OpenSSL Blog

Note: This is an outdated version of this blog post. This information is now maintained in a wiki page. See here for the latest version. The forthcoming OpenSSL 1.1.1 release will include support for TLSv1.3. The new release will be binary and API compatible with OpenSSL 1.1.0. In theory, if your application supports OpenSSL 1.1.0, then all you need to do to upgrade is to drop in the new version o

sora_h 2017/05/26

リンク

Licensing Update - OpenSSL Blog

Licensing Update Posted by Rich Salz , Mar 22 nd , 2017 12:00 pm The following is a press release that we just released, with the cooperation and financial support of the Core Infrastructure Initiative and the Linux Foundation. In the next few days we’ll start sending out em ail to all contributors asking them to approve the change. In the meantime, you can visit the licensing website and search fo