]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 94352e6) | patch
Security Advisory - openssl - CVE-2013-6449
authorYue Tao <Yue.Tao@windriver.com>
Wed, 26 Mar 2014 09:08:45 +0000 (17:08 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 26 Mar 2014 12:15:11 +0000 (12:15 +0000)
commit3e0ac7357a962e3ef6595d21ec4843b078a764dd
tree07e9b17b91c4b119bb71ec1a53ab3b9ef0916275tree | snapshot
parent94352e694cd828aa84abd846149712535f48ab0fcommit | diff
Security Advisory - openssl - CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.0.1e.bb diff | blob | history
Mirror of the official openembedded-core repository