Wind River Support Network

HomeDefectsLIN8-8958

Fixed

LIN8-8958 : Security Advisory - openssl - CVE-2018-0739

Created: Apr 2, 2018 Updated: Dec 3, 2018

Resolved Date: Apr 25, 2018

Found In Version: 8.0.0.25

Fix Version: 8.0.0.26

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

https://nvd.nist.gov/vuln/detail/CVE-2018-0739

Other Downloads

Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2018-0739