diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-03-16 10:54:31 +0100 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-03-21 11:29:21 +0100 |
commit | 7e14191bb3bf457907727f3125e5cbc846d39b9f (patch) | |
tree | 9770da8380271fe318845b69262590263ee0ebe9 /meta/recipes-connectivity/openssl/openssl/debian/ca.patch | |
parent | dfde5b94e82264ea16a189252d615d67366e3d98 (diff) | |
download | poky-7e14191bb3bf457907727f3125e5cbc846d39b9f.tar.gz |
openssl: upgrade to 1.0.2k
Following vulnerabilities have been solved between 1.0.2h and
1.0.2k releases:
Vulnerabilities detected in 1.0.2h and fixed in 1.0.2i
======================================================
Ref: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6304 (High): OCSP Status Request extension unbounded memory growth
CVE-2016-2183 (Low): SWEET32 Mitigation
CVE-2016-6303 (Low): OOB write in MDC2_Update()
CVE-2016-6302 (Low): Malformed SHA512 ticket DoS
CVE-2016-2182 (Low): OOB write in BN_bn2dec()
CVE-2016-2180 (Low): OOB read in TS_OBJ_print_bio()
CVE-2016-2177 (Low): Pointer arithmetic undefined behaviour
CVE-2016-2178 (Low): Constant time flag not preserved in DSA signing
CVE-2016-2179 (Low): DTLS buffered message DoS
CVE-2016-2181 (Low): DTLS replay protection DoS
CVE-2016-6306 (Low): Certificate message OOB reads
Vulnerabilities detected in 1.0.ih and fixed in 1.0.2j
======================================================
https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-7052 (Moderate): This issue only affects OpenSSL 1.0.2i
1.0.2j - 1.0.2k
Vulnerabilities detected in 1.0.2j and fixed in 1.0.2k
======================================================
CVE-2017-3731 (Moderate): For Openssl 1.0.2, the crash can be triggered when using
RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k
CVE-2017-3732 (Moderate): BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055 (Low): Montgomery multiplication may produce incorrect results
References:
https://www.openssl.org/news/secadv/20160922.txt
https://www.openssl.org/news/secadv/20160926.txt
https://www.openssl.org/news/secadv/20170126.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/debian/ca.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/debian/ca.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch index aba4d42983..fb745e4394 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch | |||
@@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in | |||
7 | @@ -65,6 +65,7 @@ | 7 | @@ -65,6 +65,7 @@ |
8 | foreach (@ARGV) { | 8 | foreach (@ARGV) { |
9 | if ( /^(-\?|-h|-help)$/ ) { | 9 | if ( /^(-\?|-h|-help)$/ ) { |
10 | print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; | 10 | print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; |
11 | + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; | 11 | + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; |
12 | exit 0; | 12 | exit 0; |
13 | } elsif (/^-newcert$/) { | 13 | } elsif (/^-newcert$/) { |