Date: Fri, 4 Apr 2014 10:07:58 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Lots of CVEs ahead in TLS implementations

Hi,

There is a pretty interesting new research paper that tries to find all
kinds of vulnerabilities in TLS implementations regarding certificate
validation:
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf

They found a whole bunch of issues in various open source ssl
implementations.

Maybe we can start some collaborative effort to dig through them and
assign CVEs. Some seem to have already been handled, e.g. one of the
most severe issues found is CVE-2014-1959 in gnutls (already fixed
upstream). However, others seem unhandled.

Besides: It's well worth reading the paper if you're into that stuff.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42