]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 5165d2e) | patch
wpa-supplicant: fix CVE-2021-30004
authorStefan Ghinea <stefan.ghinea@windriver.com>
Thu, 8 Apr 2021 16:43:30 +0000 (19:43 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 18 Apr 2021 10:29:05 +0000 (11:29 +0100)
commitb32b671bf430b36a5547f8d822dbb760d6be47f7
tree49317b0344849f825e48fdb31cb6846c9f0b5bb7tree | snapshot
parent5165d2e38406c29809dcdbbde4fbc48bcda01b43commit | diff
wpa-supplicant: fix CVE-2021-30004

In wpa_supplicant and hostapd 2.9, forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and
tls/x509v3.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30004

Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-30004.patch [new file with mode: 0644] blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb diff | blob | history
Mirror of the official openembedded-core repository