diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-07 00:38:40 +0200 |
commit | b031ebb35ec461c0ca25e1117c81e359d5c6bb21 (patch) | |
tree | 912e85c3f3e9fc651f8dac6de1df733fce2ea358 /meta/recipes-devtools/mtools/mtools_4.0.18.bb | |
parent | 59469018432f7b2cf490a1cefe9855cfccdf0508 (diff) | |
download | poky-b031ebb35ec461c0ca25e1117c81e359d5c6bb21.tar.gz |
openssl: Upgrade to 1.0.1o to address some CVEs
Upgrade from 1.0.1m to 1.0.1n addresses following vulnerabilities:
CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
CVE-2015-1788, Malformed ECParameters causes infinite loop
CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
CVE-2015-1791, Race condition handling NewSessionTicket
CVE-2015-1792, CMS verify infinite loop with unknown hash function
Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:
Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
References:
http://openssl.org/news/secadv_20150611.txt
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-devtools/mtools/mtools_4.0.18.bb')
0 files changed, 0 insertions, 0 deletions