2b09b26cb7
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877) (From OE-Core rev: a5060594208de172cb31ad406b34b25decd061e4) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| debian | ||
| 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch | ||
| configure-targets.patch | ||
| engines-install-in-libdir-ssl.patch | ||
| find.pl | ||
| fix-cipher-des-ede3-cfb1.patch | ||
| oe-ldflags.patch | ||
| openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | ||
| openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch | ||
| openssl-fix-doc.patch | ||
| openssl-fix-link.patch | ||
| openssl_fix_for_x32.patch | ||
| shared-libs.patch | ||