mirror of
https://git.yoctoproject.org/poky
synced 2026-05-14 20:27:55 +02:00
d9e1bb679e
This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. (From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>