Changeset 17b2836 in mod_gnutls


Timestamp:
Feb 23, 2023, 2:18:04 PM (4 weeks ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
main, master
Parents:
82cb66b
git-author:
Fiona Klute <fiona.klute@…> (02/23/23 14:17:19)
git-committer:
Fiona Klute <fiona.klute@…> (02/23/23 14:18:04)
Message:

Note CVE ID in changelog for 0.12.1

The CVE ID was assigned a little after publishing the release, add it
for clarity.

File:
1 edited

  • CHANGELOG

    r82cb66b r17b2836  
    11** Version 0.12.1 (2023-02-23)
    22
    3 - Security fix: Remove an infinite loop in blocking read on transport
    4   timeout. Mod_gnutls versions from 0.9.0 to 0.12.0 (including) did
    5   not properly fail blocking read operations on TLS connections when
    6   the transport hit timeouts. Instead it entered an endless loop
    7   retrying the read operation, consuming CPU resources. This could be
    8   exploited for denial of service attacks. If trace level logging was
    9   enabled, it would also produce an excessive amount of log output
    10   during the loop, consuming disk space.
     3- Security fix (CVE-2023-25824): Remove an infinite loop in blocking
     4  read on transport timeout. Mod_gnutls versions from 0.9.0 to 0.12.0
     5  (including) did not properly fail blocking read operations on TLS
     6  connections when the transport hit timeouts. Instead it entered an
     7  endless loop retrying the read operation, consuming CPU
     8  resources. This could be exploited for denial of service attacks. If
     9  trace level logging was enabled, it would also produce an excessive
     10  amount of log output during the loop, consuming disk space.
    1111
    1212- Replace obsolete Autoconf macros. Generating ./configure now
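Review bot: Re-wrapping the whole 0.12.1 security entry (lines 3 to 10 on both sides) makes it hard to see from the diff that the only wording change is the inserted "(CVE-2023-25824)" after "Security fix" on line 3. Comparing old and new text word by word shows nothing else changed, so a sentence in the commit message stating that the rest is a pure reflow would save later readers that check. While the entry is being touched, "from 0.9.0 to 0.12.0 (including)" on lines 4 and 5 would read more clearly as "(inclusive)", so it is unambiguous that both 0.9.0 and 0.12.0 are affected. The entry also already sits under the "Version 0.12.1 (2023-02-23)" heading, so the fixed version is clear; no further change needed there.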