summaryrefslogtreecommitdiffstats
path: root/meta/recipes-gnome/libgudev
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2017-03-16 10:54:31 +0100
committerAdrian Dudau <adrian.dudau@enea.com>2017-03-21 11:29:21 +0100
commit7e14191bb3bf457907727f3125e5cbc846d39b9f (patch)
tree9770da8380271fe318845b69262590263ee0ebe9 /meta/recipes-gnome/libgudev
parentdfde5b94e82264ea16a189252d615d67366e3d98 (diff)
downloadpoky-7e14191bb3bf457907727f3125e5cbc846d39b9f.tar.gz
openssl: upgrade to 1.0.2k
Following vulnerabilities have been solved between 1.0.2h and 1.0.2k releases: Vulnerabilities detected in 1.0.2h and fixed in 1.0.2i ====================================================== Ref: https://www.openssl.org/news/secadv/20160922.txt CVE-2016-6304 (High): OCSP Status Request extension unbounded memory growth CVE-2016-2183 (Low): SWEET32 Mitigation CVE-2016-6303 (Low): OOB write in MDC2_Update() CVE-2016-6302 (Low): Malformed SHA512 ticket DoS CVE-2016-2182 (Low): OOB write in BN_bn2dec() CVE-2016-2180 (Low): OOB read in TS_OBJ_print_bio() CVE-2016-2177 (Low): Pointer arithmetic undefined behaviour CVE-2016-2178 (Low): Constant time flag not preserved in DSA signing CVE-2016-2179 (Low): DTLS buffered message DoS CVE-2016-2181 (Low): DTLS replay protection DoS CVE-2016-6306 (Low): Certificate message OOB reads Vulnerabilities detected in 1.0.ih and fixed in 1.0.2j ====================================================== https://www.openssl.org/news/secadv/20160926.txt CVE-2016-7052 (Moderate): This issue only affects OpenSSL 1.0.2i 1.0.2j - 1.0.2k Vulnerabilities detected in 1.0.2j and fixed in 1.0.2k ====================================================== CVE-2017-3731 (Moderate): For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k CVE-2017-3732 (Moderate): BN_mod_exp may produce incorrect results on x86_64 CVE-2016-7055 (Low): Montgomery multiplication may produce incorrect results References: https://www.openssl.org/news/secadv/20160922.txt https://www.openssl.org/news/secadv/20160926.txt https://www.openssl.org/news/secadv/20170126.txt Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-gnome/libgudev')
0 files changed, 0 insertions, 0 deletions