sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity
generic-poky/meta/recipes-connectivity/openssl/openssl-1.0.1e
History
Paul Eggleton c5d81c3386 openssl: fix CVE-2014-0195 
http://www.openssl.org/news/secadv_20140605.txt

DTLS invalid fragment vulnerability (CVE-2014-0195)

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

(Patch borrowed from Fedora.)

(From OE-Core rev: c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 		2014-06-10 17:12:23 +01:00
..
debian openssl: update range information in man-section.patch 2013-04-16 12:06:40 +01:00
0001-Fix-DTLS-retransmission-from-previous-session.patch Security Advisory - openssl - CVE-2013-6450 2014-04-09 09:00:40 +01:00
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch Security Advisory - openssl - CVE-2013-4353 2014-04-09 09:00:40 +01:00
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Security Advisory - openssl - CVE-2013-6449 2014-04-09 09:00:40 +01:00
CVE-2014-0160.patch openssl: backport fix for CVE-2014-0160 2014-04-09 09:00:40 +01:00
configure-targets.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
engines-install-in-libdir-ssl.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
find.pl openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
fix-cipher-des-ede3-cfb1.patch openssl: Add fix for cipher des-ede3-cfb1 2013-06-17 16:45:36 +01:00
oe-ldflags.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl-1.0.1e-cve-2014-0195.patch openssl: fix CVE-2014-0195 2014-06-10 17:12:23 +01:00
openssl-CVE-2014-0198-fix.patch openssl: fix CVE-2014-0198 2014-05-21 09:32:55 +01:00
openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-fix-doc.patch openssl: fix documentation build errors with Perl 5.18 pod2man 2013-05-30 21:10:22 +01:00
openssl-fix-link.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl_fix_for_x32.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
shared-libs.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00