From ad1a2c0bd66f7ce5108598c5921185b48010abd6 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Mon, 1 Nov 2021 21:31:01 +0200 Subject: [PATCH] Release notes for v2.3.4 --- .../close-failed-handshake-connections.bugfix | 6 ---- .../enforce-maximum-message-length.bugfix | 6 ---- .../fix-crash-on-ssl-hello.bugfix | 4 --- doc/newsfragments/ssl-corrupted-data.bugfix | 2 -- doc/release_notes/index.md | 28 +++++++++++++++++++ 5 files changed, 28 insertions(+), 18 deletions(-) delete mode 100644 doc/newsfragments/close-failed-handshake-connections.bugfix delete mode 100644 doc/newsfragments/enforce-maximum-message-length.bugfix delete mode 100644 doc/newsfragments/fix-crash-on-ssl-hello.bugfix delete mode 100644 doc/newsfragments/ssl-corrupted-data.bugfix diff --git a/doc/newsfragments/close-failed-handshake-connections.bugfix b/doc/newsfragments/close-failed-handshake-connections.bugfix deleted file mode 100644 index 0dc8c16c..00000000 --- a/doc/newsfragments/close-failed-handshake-connections.bugfix +++ /dev/null @@ -1,6 +0,0 @@ -SECURITY ISSUE - -Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075). - -Previously repeated failing connections would leak file descriptors leading to Barrier being unable -to receive new connections from clients. diff --git a/doc/newsfragments/enforce-maximum-message-length.bugfix b/doc/newsfragments/enforce-maximum-message-length.bugfix deleted file mode 100644 index 81ec2ba0..00000000 --- a/doc/newsfragments/enforce-maximum-message-length.bugfix +++ /dev/null @@ -1,6 +0,0 @@ -SECURITY ISSUE - -Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076). - -Previously it was possible for a malicious client or server to send excessive length messages -leading to denial of service by resource exhaustion. diff --git a/doc/newsfragments/fix-crash-on-ssl-hello.bugfix b/doc/newsfragments/fix-crash-on-ssl-hello.bugfix deleted file mode 100644 index 30bb0603..00000000 
--- a/doc/newsfragments/fix-crash-on-ssl-hello.bugfix +++ /dev/null @@ -1,4 +0,0 @@ -SECURITY ISSUE - -Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message. -This bug allowed an unauthenticated attacker to crash Barrier with only network access. diff --git a/doc/newsfragments/ssl-corrupted-data.bugfix b/doc/newsfragments/ssl-corrupted-data.bugfix deleted file mode 100644 index db8bbf86..00000000 --- a/doc/newsfragments/ssl-corrupted-data.bugfix +++ /dev/null @@ -1,2 +0,0 @@ -Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients -under heavy load. diff --git a/doc/release_notes/index.md b/doc/release_notes/index.md index 77dd565a..006debb5 100644 --- a/doc/release_notes/index.md +++ b/doc/release_notes/index.md @@ -2,3 +2,31 @@ Release notes ============= [comment]: <> (towncrier release notes start) + +Barrier `2.3.4` ( `2021-11-01` ) +================================ + +Security fixes +-------------- + +- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075). + + Previously repeated failing connections would leak file descriptors leading to Barrier being unable + to receive new connections from clients. + +- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076). + + Previously it was possible for a malicious client or server to send excessive length messages + leading to denial of service by resource exhaustion. + +- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message. + This bug allowed an unauthenticated attacker to crash Barrier with only network access. + +All of the above security issues have been reported by Matthias Gerstner who was really helpful +resolving them. + +Bug fixes +--------- + +- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients + under heavy load.
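Review bot: The deleted fragment is named fix-crash-on-ssl-hello.bugfix, but its text, which is carried unchanged into the release notes, only says "disconnecting a TCP session just after sending Hello message" and never mentions SSL. If the crash depends on SSL being enabled, say so in the release note entry so operators can tell whether their configuration was exposed. If it does not, the entry is fine as written and only the fragment name was misleading.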
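Review bot: In the doc/release_notes/index.md hunk, the third entry under "Security fixes" (the crash when disconnecting just after the Hello message) carries no identifier, while the two entries above it cite CVE-2021-42075 and CVE-2021-42076. If an identifier was assigned, add it in the same "(fixes ...)" form. If none was assigned, say so, so that readers tracking advisories do not assume one was left out. Two wording points in the same hunk: "just after sending Hello message" is missing an article, and "caused invalid data occasionally being sent to clients" would read better as "occasionally caused invalid data to be sent to clients".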