[Buildroot] [git commit] openssl: security bump to version 1.0.1i

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Thu Aug 7 20:13:14 UTC 2014


commit: http://git.buildroot.net/buildroot/commit/?id=5dd65f26356e0f6ec2a8fd3b9c4f8655ded6effb
branch: http://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes:
CVE-2014-3508 - Information leak in pretty printing functions
CVE-2014-5139 - Crash with SRP ciphersuite in Server Hello message
CVE-2014-3509 - Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3505 - Double Free when processing DTLS packets
CVE-2014-3506 - DTLS memory exhaustion
CVE-2014-3507 - DTLS memory leak from zero-length fragments
CVE-2014-3510 - OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 - OpenSSL TLS protocol downgrade attack
CVE-2014-3512 - SRP buffer overrun

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
Tested-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
---
 package/openssl/openssl.mk |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 7e49a65..4911034 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.1h
+OPENSSL_VERSION = 1.0.1i
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE


More information about the buildroot mailing list