diff options
| author | Jiaying Song <jiaying.song.cn@windriver.com> | 2025-08-20 17:13:44 +0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-08-29 08:33:32 -0700 |
| commit | d6f3ce165174cd09f4af6c055d4974a15d9630ae (patch) | |
| tree | 1cd09bd43d0e5ac4a470954acfd0f7d8e74b3bf7 /meta/lib/rootfspostcommands.py | |
| parent | 6b05a9736953089e1f900a1c49cca37404737cfd (diff) | |
| download | poky-d6f3ce165174cd09f4af6c055d4974a15d9630ae.tar.gz | |
openssl: fix CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to
decrypt captured messages in TLS servers that use RSA key exchanges,
which may lead to exposure of confidential or sensitive data.
The CVE-2023-50781 in M2Crypto is addressed by modifying OpenSSL because
M2Crypto relies on OpenSSL for its cryptographic operations.The issue
stems from OpenSSL’s RSA PKCS#1 v1.5 padding verification being
vulnerable to Bleichenbacher-type attacks.To mitigate this, OpenSSL
introduced an implicit rejection mechanism in the RSA PKCS#1 v1.5
padding.Therefore, resolving the vulnerability requires changes within
OpenSSL itself to ensure M2Crypto’s security.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-50781
https://github.com/openssl/openssl/pull/13817/commits
https://todo.sr.ht/~mcepl/m2crypto/342?__goaway_challenge=meta-refresh&__goaway_id=45a03d6accb7b343867110db1f7fb334
(From OE-Core rev: d24c4923d6f7a25bdc3ec5d4ac6bee32bb0bae88)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/lib/rootfspostcommands.py')
0 files changed, 0 insertions, 0 deletions