openssl: fix CVE-2014-0221 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Paul Eggleton <paul.eggleton@linux.intel.com>	2014-06-09 11:26:53 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-06-10 17:36:44 +0100
commit	d3bc30f75be8dc4d0e503701de106e25fc15da13 (patch)
tree	0e8b89b9c940b34294205f33236fd02b614eefa4 /meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
parent	889f731acc7be2503fe092a6ba527cd8893e6948 (diff)
download	poky-d3bc30f75be8dc4d0e503701de106e25fc15da13.tar.gz

openssl: fix CVE-2014-0221

From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt DTLS recursion flaw (CVE-2014-0221) By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. (Patch borrowed from Fedora.) (From OE-Core rev: 2a9e46a319d32e99266fd44e1ea1ca2b5e7c9a6a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: