From: Fan Xin <fan.xin@jp.fujitsu.com>
To: "Burton, Ross" <ross.burton@intel.com>
Cc: OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH] openssl: fix for CVE-2015-1794
Date: Thu, 10 Dec 2015 11:58:07 +0900
Message-ID: <5668EA3F.9090009@jp.fujitsu.com>
In-Reply-To: <CAJTo0LZR3Jy8rvGQEsjGquZXKHpFnhSqWgHNh4k711xnLJqw2Q@mail.gmail.com>
Thanks for your kind check.
I will correct it in Patch v2.
Best Regards,
Fan
On 2015-12-09 20:52, Burton, Ross wrote:
>
> On 9 December 2015 at 02:03, Fan Xin <fan.xin@jp.fujitsu.com> wrote:
>
> +++
> b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
> @@ -0,0 +1,101 @@
> +Upstream-Status: Backport
> +
> +From ada57746b6b80beae73111fe1291bf8dd89af91c Mon Sep 17 00:00:00 2001
> +From: Guy Leaver (guleaver) <guleaver@cisco.com
> <mailto:guleaver@cisco.com>>
> +Date: Fri, 7 Aug 2015 15:45:21 +0100
> +Subject: [PATCH] Fix seg fault with 0 p val in SKE
> +
> +If a client receives a ServerKeyExchange for an anon DH ciphersuite
> with the
> +value of p set to 0 then a seg fault can occur. This commits adds a
> test to
> +reject p, g and pub key parameters that have a 0 value (in
> accordance with
> +RFC 5246)
> +
> +The security vulnerability only affects master and 1.0.2, but the
> fix is
> +additionally applied to 1.0.1 for additional confidence.
> +
> +CVE-2015-1794
> +
> +Reviewed-by: Richard Levitte <levitte@openssl.org
> <mailto:levitte@openssl.org>>
> +Reviewed-by: Matt Caswell <matt@openssl.org <mailto:matt@openssl.org>>
>
>
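Review bot: The Upstream-Status: Backport line at the top of the added patch file does not say which OpenSSL branch the fix was taken from, while the quoted upstream commit message states that the vulnerability only affects master and 1.0.2 and that 1.0.1 receives the fix for additional confidence. Suggest noting next to Upstream-Status which upstream branch commit ada57746b6b80beae73111fe1291bf8dd89af91c was backported from, and stating in the recipe commit message which OpenSSL version the recipe ships, so a reader can tell whether this closes CVE-2015-1794 on an affected version or is applied as hardening.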
> This patch needs to have your (or whoever actually did the work)
> signed-off-by inside the patch, alongside the Upstream-Status.
>
> Thanks,
> Ross
--
=====================================================
Fujitsu Computer Technologies Limited
Embedded Systems Technology Unit, First Firmware Technology Department
Fan Xin (樊 昕)
fan.xin@jp.fujitsu.com