Message-ID: <20140404100758.19f40b20@hboeck.de>
Date: Fri, 4 Apr 2014 10:07:58 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Lots of CVEs ahead in TLS implementations

Hi,

There is a pretty interesting new research paper that tries to find all
kinds of vulnerabilities in TLS implementations regarding certificate
validation:
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf

They found a whole bunch of issues in various open source SSL
implementations.

Maybe we can start some collaborative effort to dig through them and
assign CVEs. Some seem to have already been handled, e.g. one of the
most severe issues found is CVE-2014-1959 in gnutls (already fixed
upstream). However, others seem unhandled.

Besides: It's well worth reading the paper if you're into that stuff.

cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42