code.ossystems Code Review - openembedded-core.git/commit
openssl: fix CVE-2014-0195
author Paul Eggleton <paul.eggleton@linux.intel.com>
Mon, 9 Jun 2014 10:21:20 +0000 (11:21 +0100)
committer Paul Eggleton <paul.eggleton@linux.intel.com>
Mon, 9 Jun 2014 12:57:13 +0000 (13:57 +0100)
commit aac6d15448e9a471a8d4ce086538b39f0b928518
tree ef94bbca3c6b3dee95df976e37212bededdd9263
parent 7ff1924674871d604f9656f3928b91dc417c7246
openssl: fix CVE-2014-0195

From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch [new file with mode: 0644]
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb