Topic: [SOLVED] Fixed security issues in CyaSSL release 2.9.4 and 3.0.0

Hi,

I am using CyaSSL embedded SSL release 2.9.0. According to the Changelog http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html, releases 2.9.4 and 3.0.0 have fixed security bugs reported by Ivan Fratric of the Google Security Team and Suman Jana at UT Austin and UC Davis. Could you please give me some detail about the nature of fixed issues? Otherwise I have to do a code comparison to find out these details.

Thanks,
Yun

Share

Re: [SOLVED] Fixed security issues in CyaSSL release 2.9.4 and 3.0.0

Hi,

I found the answer to my questions:

1) Vulnerabilities reported by the Google Security team are described here in wolfSSL Security Advisory:
http://www.yassl.com/yaSSL/Blog/Entries … _2014.html

It would be helpful, if the change log had a link to this blog.

2) Vulnerabilities reported by Suman Jana is described here: http://cve.mitre.org/cgi-bin/cvename.cg … 4-1959.The affected function in CyaSSL is ParseCertRelative() in asn.c.

Regards,
Yun

Share

Re: [SOLVED] Fixed security issues in CyaSSL release 2.9.4 and 3.0.0

Yun,

Glad to hear you found the correct link.

Best Regards,
Chris