Skip to content

Commit

Permalink
webos-image: openssl=v1.0.1h
Browse files Browse the repository at this point in the history 
:Release Notes:
Update to v1.0.1h, which contains six security fixes. Remove an unneeded
patch.

:Detailed Notes:
These security issues are fixed by v1.0.1h:
CVE-2014-0224 (SSL/TLS MITM vulnerability)
CVE-2014-0221 (DTLS recursion flaw)
CVE-2014-0195 (TLS invalid fragment vulnerability)
CVE-2014-0198 (SSL_MODE_RELEASE_BUFFERS NULL pointer dereference)
CVE-2010-5298 (SSL_MODE_RELEASE_BUFFERS session injection or denial of
               service)
CVE-2014-3470 (Anonymous ECDH denial of service)
See https://www.openssl.org/news/secadv_20140605.txt

:Testing Performed:
MiniBAT, BAT, P2 tests

:QA Notes:

:Issues Addressed:
[BHV-10203] openssl - CVE-2010-5298, CVE-2014-3470, CVE-2014-0195,
            CVE-2014-0198, CVE-2014-0221, CVE-2014-0224
[BHV-10136] CCC: openssl=v1.0.1h

Open-webOS-DCO-1.0-Signed-off-by: Andrii Motsok <andrii.motsok@lge.com>

Change-Id: I35c84d1cb21c882946b02a8924a21aaf09b5c53c
Reviewed-on: https://g2g.palm.com/5943
Reviewed-by: DCO Verification
Reviewed-by: Andrii Motsok <andrii.motsok@lge.com>
Tested-by: Andrii Motsok <andrii.motsok@lge.com>
Build: Andrii Motsok <andrii.motsok@lge.com>
Reviewed-by: Build Verification
Reviewed-by: Herb Kuta <herb.kuta@lge.com>
Reviewed-by: Susan Montooth <susan.montooth@lge.com>
  • Loading branch information
Andrii Motsok authored and Susan Montooth committed Jun 12, 2014
1 parent 5d1b452 commit 24c5343
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 412 deletions.
23 changes: 0 additions & 23 deletions recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
View file

This file was deleted.

0 comments on commit 24c5343

Please sign in to comment.