Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-openssl098.703
openssl-CVE-2015-0286.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2015-0286.patch of Package compat-openssl098.703
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Mar 9 23:11:45 2015 +0000 Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org> Index: openssl-0.9.8j/crypto/asn1/a_type.c =================================================================== --- openssl-0.9.8j.orig/crypto/asn1/a_type.c 2015-03-16 18:00:30.463475273 +0100 +++ openssl-0.9.8j/crypto/asn1/a_type.c 2015-03-16 18:02:48.279480346 +0100 @@ -121,6 +121,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor