]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6e4a952) | patch
openssl: Fix CVE-2023-0464
authorNikhil R <nikhil.r@kpit.com>
Wed, 26 Apr 2023 07:47:21 +0000 (13:17 +0530)
committerSteve Sakoman <steve@sakoman.com>
Wed, 26 Apr 2023 16:00:18 +0000 (06:00 -1000)
commit0c50550e2c8fca3263776c2bb985a8c58b920b99
treef2d99d9328493a7eb7fa2a62ac70f579db95703ftree
parent6e4a952efc94a3bb94216db1cbd738f4fb70217fcommit | diff
openssl: Fix CVE-2023-0464

Fix CVE-2023-0464 for openssl

A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints.  Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading
to a denial-of-service(DoS) attack on affected systems.

Link: https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssl/openssl_1.1.1t.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core