generic-poky/meta/recipes-connectivity/openssl/openssl-1.0.1e
Paul Eggleton 0ea0a14bd9 openssl: fix CVE-2014-0224
http://www.openssl.org/news/secadv_20140605.txt

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

(Patch borrowed from Fedora.)

(From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-06-10 17:12:24 +01:00
debian openssl: update range information in man-section.patch 2013-04-16 12:06:40 +01:00
0001-Fix-DTLS-retransmission-from-previous-session.patch Security Advisory - openssl - CVE-2013-6450 2014-04-09 09:00:40 +01:00
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch Security Advisory - openssl - CVE-2013-4353 2014-04-09 09:00:40 +01:00
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Security Advisory - openssl - CVE-2013-6449 2014-04-09 09:00:40 +01:00
CVE-2014-0160.patch openssl: backport fix for CVE-2014-0160 2014-04-09 09:00:40 +01:00
configure-targets.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
engines-install-in-libdir-ssl.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
find.pl openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
fix-cipher-des-ede3-cfb1.patch openssl: Add fix for cipher des-ede3-cfb1 2013-06-17 16:45:36 +01:00
oe-ldflags.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl-1.0.1e-cve-2014-0195.patch openssl: fix CVE-2014-0195 2014-06-10 17:12:23 +01:00
openssl-1.0.1e-cve-2014-0198.patch openssl: use upstream fix for CVE-2014-0198 2014-06-10 17:12:24 +01:00
openssl-1.0.1e-cve-2014-0221.patch openssl: fix CVE-2014-0221 2014-06-10 17:12:24 +01:00
openssl-1.0.1e-cve-2014-0224.patch openssl: fix CVE-2014-0224 2014-06-10 17:12:24 +01:00
openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch openssl: avoid NULL pointer dereference in three places 2013-08-26 11:47:17 +01:00
openssl-fix-doc.patch openssl: fix documentation build errors with Perl 5.18 pod2man 2013-05-30 21:10:22 +01:00
openssl-fix-link.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
openssl_fix_for_x32.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00
shared-libs.patch openssl: Upgrade to v1.0.1e 2013-04-09 13:16:53 +01:00