7f9dd3ff42
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd) (From OE-Core rev: 33b6441429603b82cfca3d35e68e47e1ca021fd7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
||
---|---|---|
.. | ||
openssl-1.0.1e | ||
ocf-linux.inc | ||
ocf-linux_20120127.bb | ||
openssl.inc | ||
openssl_1.0.1e.bb |