Pedro Monreal Gonzalez
18ecb7a582
- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch - Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free security vulnerability. Calling the function SSL_free_buffers() potentially caused memory to be accessed that was previously freed in some situations and a malicious attacker could attempt to engineer a stituation where this occurs to facilitate a denial-of-service attack. [CVE-2024-4741, bsc#1225551] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
14 lines
350 B
Diff
14 lines
350 B
Diff
diff --git a/crypto/fips/fips_post.c b/crypto/fips/fips_post.c
|
|
index 80de6f6..46003d1 100644
|
|
--- a/crypto/fips/fips_post.c
|
|
+++ b/crypto/fips/fips_post.c
|
|
@@ -72,7 +72,7 @@
|
|
int FIPS_selftest(void)
|
|
{
|
|
int rv = 1;
|
|
- if (!FIPS_selftest_drbg())
|
|
+ if (!FIPS_selftest_drbg_all())
|
|
rv = 0;
|
|
if (!FIPS_selftest_sha1())
|
|
rv = 0;
|