code.ossystems Code Review - openembedded-core.git/commit
openssl: fix CVE-2014-0195
author Paul Eggleton <paul.eggleton@linux.intel.com>
Mon, 9 Jun 2014 15:51:16 +0000 (16:51 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 10 Jun 2014 16:10:34 +0000 (17:10 +0100)
commit 5bcb997663a6bd7a4d7395dcdb5e027d7f2bab81
tree 967cbd30a6261e32099749e80fee5dd52f4b22ab
parent 1bd77c28fdb51d1a0dad55c8d1af2991046c801d
openssl: fix CVE-2014-0195

From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server are affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch [new file with mode: 0644]
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb