]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: de5797b) | patch
openssl: fix CVE-2014-0198
authorMaxin B. John <maxin.john@enea.com>
Tue, 6 May 2014 00:53:34 +0000 (02:53 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 29 May 2014 12:42:07 +0000 (13:42 +0100)
commitc3f6cea0b8f1de1e2042087c26ebe42ff909c1ed
tree8d2c7cfd413a42a03d3611d47635e3e8398aba3btree | snapshot
parentde5797b27a358954eb15318d0d77ad1981981861commit | diff
openssl: fix CVE-2014-0198

A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.

https://access.redhat.com/security/cve/CVE-2014-0198

(From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb diff | blob | history
Mirror of the official openembedded-core repository