strongswan: Fix CVE-2022-40617 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2022-11-03 10:43:47 +0530
committer	Armin Kuster <akuster808@gmail.com>	2022-11-25 10:35:23 -0500
commit	b2c7d54b40620211c4b95b58b8bb20649c3b6bac (patch)
tree	aaf3c88ebb5ce33fd02c1ae1fa482ded55819f23 /meta-python/recipes-devtools/python/python3-cryptography
parent	7203130ed8b58c0df75cb72222ac2bcf546bce44 (diff)
download	meta-openembedded-b2c7d54b40620211c4b95b58b8bb20649c3b6bac.tar.gz

strongswan: Fix CVE-2022-40617

Add a patch to fix CVE-2022-40617 issue which allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617 Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-cryptography')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: