Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
compat-openssl098.32473
openssl-CVE-2016-6303.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2016-6303.patch of Package compat-openssl098.32473
commit 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 Author: Dr. Stephen Henson <steve@openssl.org> Date: Fri Aug 19 23:28:29 2016 +0100 Avoid overflow in MDC2_Update() Thanks to Shi Lei for reporting this issue. CVE-2016-6303 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07) Index: openssl-0.9.8j/crypto/mdc2/mdc2dgst.c =================================================================== --- openssl-0.9.8j.orig/crypto/mdc2/mdc2dgst.c 2008-09-16 12:47:25.000000000 +0200 +++ openssl-0.9.8j/crypto/mdc2/mdc2dgst.c 2016-09-22 17:55:22.678698357 +0200 @@ -96,7 +96,7 @@ int MDC2_Update(MDC2_CTX *c, const unsig i=c->num; if (i != 0) { - if (i+len < MDC2_BLOCK) + if (len < MDC2_BLOCK - i) { /* partial block */ memcpy(&(c->data[i]),in,len);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor