From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] openssl: update to 1.1.1g Date: Tue, 21 Apr 2020 15:09:41 +0100 Message-ID: <7BF54C8D-27B9-4E17-9CCA-8F1A93F58A32@ipfire.org> In-Reply-To: <20200421134338.29148-1-arne_f@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2623633713180053400==" List-Id: --===============2623633713180053400== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hello Arne, Thank you very much for patching this so quickly. Best, -Michael > On 21 Apr 2020, at 14:43, Arne Fitzenreiter wrote: > > CVE-2020-1967 (OpenSSL advisory) [High severity] 21 April 2020: > Server or client applications that call the SSL_check_chain() > function during or after a TLS 1.3 handshake may crash due > to a NULL pointer dereference as a result of incorrect handling > of the "signature_algorithms_cert" TLS extension. > The crash occurs if an invalid or unrecognised signature algorithm > is received from the peer. This could be exploited by a malicious > peer in a Denial of Service attack. > https://www.openssl.org/news/secadv/20200421.txt > > Signed-off-by: Arne Fitzenreiter > --- > lfs/openssl | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/openssl b/lfs/openssl > index 06b999a15..8fe3c2856 100644 > --- a/lfs/openssl > +++ b/lfs/openssl > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.1.1f > +VER = 1.1.1g > > THISAPP = openssl-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -87,7 +87,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 3f486f2f4435ef14b81814dbbc7b48bb > +$(DL_FILE)_MD5 = 76766e98997660138cdaf13a187bd234 > > install : $(TARGET) > > -- > 2.17.1 > --===============2623633713180053400==--