]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d627e5b) | patch
openssl: CVE: CVE-2017-3731
authorAlexandru Moise <alexandru.moise@windriver.com>
Tue, 7 Feb 2017 11:48:47 +0000 (13:48 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 8 Feb 2017 12:00:02 +0000 (12:00 +0000)
commit1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70
tree352ca98b645c46ed24246099b4dde8a723a5fb2dtree | snapshot
parentd627e5bd50f66275cb3a77036ea3376a6f1e9a96commit | diff
openssl: CVE: CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a
specific cipher is being used, then a truncated packet can cause that
server or client  to perform an out-of-bounds read, usually resulting
in a crash.

Backported from:
https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d
https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051

* CVE: CVE-2017-3731

Upstream-status: Backport

Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.2j.bb diff | blob | history
Mirror of the official openembedded-core repository