code.ossystems Code Review - openembedded-core.git/commit
openssl: fix CVE-2014-0195
author Paul Eggleton <paul.eggleton@linux.intel.com>
Mon, 9 Jun 2014 15:53:43 +0000 (16:53 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 10 Jun 2014 16:05:53 +0000 (17:05 +0100)
commit c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2
tree f159e6f39dd29d88f17d86eb2c29cbe50534f0d0
parent 68da848e0f7f026bf18707d8d59143177ff66f9b
openssl: fix CVE-2014-0195

http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server are affected.

(Patch borrowed from Fedora.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch [new file with mode: 0644]
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb