From 21c8fb88d041c2ebf1136b70c5ccaa5ecd0d9305 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Tue, 2 Nov 2021 14:32:21 +0200 Subject: [PATCH] doc: Add missed details to v2.3.4 and v2.4.0 release notes --- doc/release_notes/index.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/release_notes/index.md b/doc/release_notes/index.md index 72d3a43b..0f2b7ca1 100644 --- a/doc/release_notes/index.md +++ b/doc/release_notes/index.md @@ -25,6 +25,9 @@ Security fixes again. Client and server will show both SHA1 and SHA256 server fingerprints to allow interoperability with older versions of Barrier. +All of the above security issues have been reported by Matthias Gerstner who was really helpful +resolving them. + Bug fixes --------- @@ -81,7 +84,8 @@ Security fixes Previously it was possible for a malicious client or server to send excessive length messages leading to denial of service by resource exhaustion. -- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message. +- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending + Hello message (fixes CVE-2021-42074). This bug allowed an unauthenticated attacker to crash Barrier with only network access. All of the above security issues have been reported by Matthias Gerstner who was really helpful