[Buildroot] [PATCH 1/1] package/libopenssl: security bump to v1.1.1g
Peter Korsgaard
peter at korsgaard.com
Thu May 7 21:56:35 UTC 2020
>>>>> "Titouan" == Titouan Christophe <titouan.christophe at railnova.eu> writes:
> This fixes CVE-2020-1967:
> Server or client applications that call the SSL_check_chain() function during
> or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
> result of incorrect handling of the "signature_algorithms_cert" TLS extension.
> The crash occurs if an invalid or unrecognised signature algorithm is received
> from the peer. This could be exploited by a malicious peer in a Denial of
> Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this
> issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
> See https://www.openssl.org/news/secadv/20200421.txt
> Also update the hash file to the new two spaces convention
> Signed-off-by: Titouan Christophe <titouan.christophe at railnova.eu>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list