The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877) (From OE-Core rev: a5060594208de172cb31ad406b34b25decd061e4) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
||
---|---|---|
.. | ||
debian | ||
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch | ||
configure-targets.patch | ||
engines-install-in-libdir-ssl.patch | ||
find.pl | ||
fix-cipher-des-ede3-cfb1.patch | ||
oe-ldflags.patch | ||
openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | ||
openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch | ||
openssl-fix-doc.patch | ||
openssl-fix-link.patch | ||
openssl_fix_for_x32.patch | ||
shared-libs.patch |