]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: ed610b6) | patch
wpa_supplicant: Security Advisory-CVE-2016-4477
authorZhixiong Chi <zhixiong.chi@windriver.com>
Thu, 22 Sep 2016 07:54:27 +0000 (15:54 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 23 Sep 2016 13:55:25 +0000 (14:55 +0100)
commitd4d4ed5f31c687b2b2b716ff0fb8ca6c7aa29853
tree36400037c106c96d8d03b8890135e4e2ad1138aetree | snapshot
parented610b68f7e19644c89d7131e34c990a02403c62commit | diff
wpa_supplicant: Security Advisory-CVE-2016-4477

Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch [new file with mode: 0644] blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch [new file with mode: 0644] blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch [new file with mode: 0644] blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb diff | blob | history
Mirror of the official openembedded-core repository