code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Paul Eggleton <paul.eggleton@linux.intel.com>
	Mon, 9 Jun 2014 15:51:18 +0000 (16:51 +0100)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 10 Jun 2014 16:10:35 +0000 (17:10 +0100)
commit	833920fadd58fe353d27f94f340e3a9f6923afb8
tree	648dfd0562d960e56783c617475868c076d6d82f	tree \| snapshot
parent	d3d6eee3353fcce09e1d6b0181a0ea7b52b7a937	commit \| diff

openssl: fix CVE-2014-0221

http://www.openssl.org/news/secadv_20140605.txt

DTLS recursion flaw (CVE-2014-0221)

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom