Wind River Support Network

HomeDefectsLIN6-11455

Fixed

LIN6-11455 : Security Advisory - openssl - CVE-2016-2177

Created: Jun 15, 2016 Updated: Dec 3, 2018

Resolved Date: Jun 20, 2016

Found In Version: 6.0

Fix Version: 6.0.0.30

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

A common idiom in the codebase is:

if (p + len > limit)
{
	return; /* Too long */
}

where p points to some malloc'd data of SIZE bytes and limit == p + SIZE. 'len' could be from some externally supplied data, e.g. TLS message. This idiom is vulnerable to integer overflow vulnerability.

Upstream commit: 6f35f6deb5ca7daebe289f86477e061ce3ee5f46

Security Notices

Security Advisory - 16 CVE issues of OpenSSL Security Advisory of 22 and 26 Sep 2016

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38