]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 21fa437) | patch
openssl: fix CVE-2014-0221
authorPaul Eggleton <paul.eggleton@linux.intel.com>
Mon, 9 Jun 2014 15:53:45 +0000 (16:53 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 10 Jun 2014 16:05:53 +0000 (17:05 +0100)
commit6506f8993c84b966642ef857bb15cf96eada32e8
tree75bc3360b616ada9641fbe533b07dd08e522eecctree | snapshot
parent21fa437a37dad14145b6c8c8c16c95f1b074e09ccommit | diff
openssl: fix CVE-2014-0221

http://www.openssl.org/news/secadv_20140605.txt

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb diff | blob | history
Mirror of the official openembedded-core repository