openssl: fix CVE-2024-41996 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2025-07-11 17:03:11 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-18 08:32:26 -0700
commit	78620e54fd6cf9006e73aa147721db72930c1dc7 (patch)
tree	fab2b0f03b215e89d38ed14c8b29c1ebcf7dd276 /scripts
parent	d3219fb24b8503e678f1d23b7dea64d5555a83b6 (diff)
download	poky-78620e54fd6cf9006e73aa147721db72930c1dc7.tar.gz

openssl: fix CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key. Reference: https://github.com/openssl/openssl/pull/25088 (From OE-Core rev: 635fc639a13a6b28cac5c67cff23b7f4477bc41c) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: