Hitendra Prajapati
01358b6d70
wireshark: fix CVE-2023-6175
...
Upstream-Status: Backport from 3be1c99180
2024-04-25 08:27:27 -04:00
Ashish Sharma
6e702707c3
wireshark: Backport fix for CVE-2024-2955
...
Upstream-Status: Backport [6fd3af5e99
2024-04-25 08:27:27 -04:00
Vijay Anusuri
850da18f9c
wireshark: Fix for CVE-2023-4511
...
Upstream-Status: Backport from ef9c79ae81
2024-04-25 08:27:27 -04:00
Vijay Anusuri
e30e0c3094
squid: Backport fix for CVE-2023-50269
...
import patch from ubuntu to fix
CVE-2023-50269
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
9f7136105b
2024-03-03 16:38:27 -05:00
Vijay Anusuri
9939cf1b69
squid: Fix for CVE-2023-49285 and CVE-2023-49286
...
Upstream-Status: Backport
[77b3fb4df06014c6648a
2024-03-03 16:38:27 -05:00
Vijay Anusuri
724f1e1a28
squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846
...
import patches from ubuntu to fix
CVE-2023-46728
CVE-2023-46846
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
6ea12e8fb5417da4006c05f6af2f4c
2024-03-03 16:38:27 -05:00
Ashish Sharma
2071373cce
wireshark: Backport fix for CVE-2023-1992
...
RPCoRDMA: Frame end cleanup for global write offsets
Upstream-Status: Backport from [3c8be14c82
2024-03-03 16:38:27 -05:00
Hitendra Prajapati
84a84000f7
wireshark: fix CVE-2024-0208 GVCP dissector crash
...
Upstream-Status: Backport from a8586fde3a
2024-03-03 16:38:27 -05:00
Hitendra Prajapati
e4af0cd491
proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read
...
Upstream-Status: Backport from 97bbe68363
2024-01-16 07:31:14 -05:00
Vijay Anusuri
474cea683e
strongswan: Backport fix for CVE-2023-41913
...
Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.3.0-5.9.6_charon_tkm_dh_len.patch ]
Reference: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-01-16 07:31:14 -05:00
vkumbhar
fc632d5bb0
wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
...
Upstream-Status: Backport from 39db474f80
2023-12-17 15:36:42 -05:00
vkumbhar
3bcc5bb4de
squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication
...
Upstream-Status: Backport from 052cf082b0
2023-12-17 15:36:42 -05:00
Hitendra Prajapati
ed41cf1357
samba: fix CVE-2023-42669 denial of service
...
Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-17 15:36:42 -05:00
Vijay Anusuri
57e58dc62f
traceroute: upgrade 2.1.0 -> 2.1.3
...
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.
Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robast poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14 )
- Fix command line parsing in wrappers.
References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-12-17 15:36:42 -05:00
Davide Gardenal
0689773963
openflow: ignore CVE-2018-1078
...
CVE-2018-1078 is not for openflow but in the NVD database the
CVE is for a specific implementation that we don't have so we
can ignore it.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
(cherry picked from commit c1e7b0b993
2023-12-17 15:36:41 -05:00
Davide Gardenal
85d87a62df
usrsctp: add CVE_VERSION to correctly check for CVEs
...
The current version of usrsctp is not a release so cve-check
is not able to find the product version. CVE_VERSION is now set
to 0.9.3.0 that is the nearest version in the past starting from
the revision we have.
This is done because we don't have the complete 0.9.4.0 release.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 279fce2c87
2023-12-17 15:36:41 -05:00
Hitendra Prajapati
d9ba954b6a
wireshark: Fix CVE-2022-0585-CVE-2023-2879
...
Upstream-Status: Backport from 8d3c217779118815ca7c
2023-12-17 15:36:41 -05:00
Hitendra Prajapati
026fcadc2e
wireshark: Fix CVE-2023-3649
...
Upstream-Status: Backport from 75e0ffcb42
2023-11-12 10:41:59 -05:00
Hitendra Prajapati
964979d26d
wireshark: Fix CVE-2023-2906
...
Upstream-Status: Backport from 44dc70cc5a
2023-09-19 07:34:28 -04:00
Hitendra Prajapati
2dd0c9db67
quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges escalation
...
Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-14 07:08:54 -04:00
Hitendra Prajapati
fbe2d05a15
ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5
...
Upstream-Status: Backport from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
Patch taken from https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch
It is linked as official patch for p15 in:
- https://www.ntp.org/support/securitynotice/ntpbug3807/
- https://www.ntp.org/support/securitynotice/ntpbug3806/
Small adaptation to build is needed because of how tests are built.
Backport fixes for:
CVE: CVE-2023-26551
CVE: CVE-2023-26552
CVE: CVE-2023-26553
CVE: CVE-2023-26554
CVE: CVE-2023-26555
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-14 07:08:54 -04:00
Hitendra Prajapati
205b72edaa
wireshark: Fix CVE-2023-0667 & CVE-2023-0668
...
Backport fixes for:
* CVE-2023-0667 - Upstream-Status: Backport from 35418a73f785fbca8adbc4f37d77b2
2023-07-14 07:08:54 -04:00
Hitendra Prajapati
8b5ce0d524
wireshark: Fix Multiple CVEs
...
Backport fixes for:
* CVE-2023-2855 - Upstream-Status: Backport from 0181fafb21db5135826dcb190d6839e18d0e3697
2023-07-14 07:08:54 -04:00
Hugo SIMELIERE
0a8fa5e716
openvpn: upgrade 2.4.9 -> 2.4.12
...
Fixes below CVEs:
* CVE-2022-0547
* CVE-2020-15078
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-05-03 11:16:53 -04:00
Hugo SIMELIERE
a8be62b089
openvpn: add CVE-2020-7224 and CVE-2020-27569 to allowlist
...
CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client,
not for openvpn.
Signed-off-by: Akifumi Chikazawa <chikazawa.akifu@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(upstream from commit d49e96aac4
2023-05-03 11:16:53 -04:00
vkumbhar
98e6e31688
dnsmasq: fix CVE-2023-28450 default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
...
Set the default maximum DNS UDP packet size to 1232.
http://www.dnsflagday.net/2020/ refers.
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-04-06 07:32:11 -04:00
Hitendra Prajapati
d07c7f658f
net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception
...
Upstream-Status: Backport from be804106fd
2023-02-22 11:24:23 -05:00
Yi Zhao
e707e9b7cf
postfix: upgrade 3.4.23 -> 3.4.27
...
Changelog:
http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.4.27.HISTORY
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-01-19 07:49:31 -05:00
Hitendra Prajapati
82f77e2b3c
proftpd: CVE-2021-46854 memory disclosure to radius server
...
Upstream-Status: Backport from 10a227b4d5
2023-01-19 07:49:31 -05:00
Ranjitsinh Rathod
b2c7d54b40
strongswan: Fix CVE-2022-40617
...
Add a patch to fix CVE-2022-40617 issue which allows remote attackers to
cause a denial of service in the revocation plugin by sending a crafted
end-entity (and intermediate CA) certificate that contains a CRL/OCSP
URL that points to a server (under the attacker's control) that doesn't
properly respond but (for example) just does nothing after the initial
TCP handshake, or sends an excessive amount of application data.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40617
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-11-25 10:35:23 -05:00
Colin Finck
7203130ed8
[dunfell] wireguard: Upgrade to 1.0.20220627 (module) and 1.0.20210914 (tools)
...
Quoting Jason A. Donenfeld on IRC:
<zx2c4> Colin_Finck: you should never, ever use old versions
<zx2c4> Notice that neither the major nor minor version numbers change
<zx2c4> Use the latest versions on your LTS
With that definite answer, I'd like to fix the problem described in https://lore.kernel.org/yocto/CswA.1659543156268567471.pbrp@lists.yoctoproject.org/ by importing the latest versions instead of maintaining our own fork of wireguard 1.0.20200401.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-10-30 14:47:43 -04:00
Mathieu Dubois-Briand
44d843ecad
networkmanager: Update to 1.22.16
...
Update network manager stable branch to last version, allowing to fix
CVE-2020-10754.
Signed-off-by: Mathieu Dubois-Briand <mbriand@witekio.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-10-30 14:47:43 -04:00
Hitendra Prajapati
8377de1624
dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relay
...
Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git
MR: 121726
Type: Security Fix
Disposition: Backport from https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
ChangeID: be554ef6ebedd7148404ea3cc280f2e42e17dc8c
Description:
CVE-2022-0934 dnsmasq: Heap use after free in dhcp6_no_relay.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
2022-10-30 14:47:43 -04:00
Hitendra Prajapati
9f3d116fdd
cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
...
Source: https://github.com/cyrusimap/cyrus-sasl
MR: 118501
Type: Security Fix
Disposition: Backport from 9eff746c9d
2022-07-16 12:56:17 -07:00
Mingli Yu
d865d97f9b
bridge-utils: Switch to use the main branch
...
Fix the below do_fetch warning:
WARNING: bridge-utils-1.7-r0 do_fetch: Failed to fetch URL git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/bridge-utils.git, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-06-15 06:45:03 -07:00
Riyaz Ahmed Khan
deee226017
tcpdump: Add fix for CVE-2018-16301
...
Add patch for CVE issue: CVE-2018-16301
Link: 8ab211a7ec
2022-05-25 19:34:39 -07:00
Ranjitsinh Rathod
a8d82c80a1
atftp: Add fix for CVE-2021-41054 and CVE-2021-46671
...
Add patches to fix CVE-2021-41054 and CVE-2021-46671 issues
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-41054
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-46671
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-05-25 19:34:31 -07:00
Mingli Yu
388dc2830a
geoip: Switch to use the main branch
...
Fix the below do_fetch warning:
WARNING: geoip-1.6.12-r0 do_fetch: Failed to fetch URL git://github.com/maxmind/geoip-api-c.git, attempting MIRRORS if available
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit df3ef15834
2022-04-18 07:37:42 -07:00
Akash Hadke
a09ddd737e
tcpreplay: Add fix for CVE-2020-24265 and CVE-2020-24266
...
Add below patch to fix CVE-2020-24265 and CVE-2020-24266
CVE-2020-24265-and-CVE-2020-24266.patch
Link: d311085906
2022-03-27 08:18:20 -07:00
Ranjitsinh Rathod
93a315f96f
strongswan: Add fix of CVE-2021-45079
...
Add a patch to fix CVE-2021-45079
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-02-13 10:47:05 -08:00
Armin Kuster
cc90900dfb
wireshark: Update to 3.2.18
...
Source: wireshark.org
MR: 114425, 114409, 114441, 114269, 114417, 114311, 114449
Type: Security Fix
Disposition: Backport from wireshark.org
ChangeID: 8663cdebb2f10ee84817e5199fa3be0acb715af9
Description:
This is a bugfix only update.
Addresses these CVES:
wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684. CVE-2021-39920, CVE-2021-39923.
wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
V2]
Fixes: /build/run/lemon: Exec format error
revert "cmake: lemon: fix path to internal lemon tool"
so the wireshark-native version is instead.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-26 22:05:03 -08:00
Virendra Thakur
9e5b6ad6ce
strongswan: Fix for CVE-2021-41990 and CVE-2021-41991
...
Add patch to fix CVE-2021-41990 and CVE-2021-41991
Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-22 10:33:41 -08:00
Andre Carvalho
cc9e6dabcb
netcat: Set CVE_PRODUCT
...
This way yocto cve-check can find open CVE's. See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/products/cpe/search/results?keyword=netcat&status=FINAL&orderBy=CPEURI&namingFormat=2.3
Signed-off-by: Andre Carvalho <andrestc@fb.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2022-01-11 20:47:01 -08:00
Yi Zhao
ab9fca485e
postfix: upgrade 3.4.12 -> 3.4.23
...
Changelog:
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.20.HISTORY
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-12-31 10:24:49 -08:00
Yi Zhao
544bcd09f5
postfix: fix build with glibc 2.34
...
Backport a patch to fix build against glibc 2.34 (e.g. on Fedora 35)
Fixes:
| In file included from attr_clnt.c:88:
| /usr/include/unistd.h:363:13: error: conflicting types for
‘closefrom’; have ‘void(int)’
| 363 | extern void closefrom (int __lowfd) __THROW;
| | ^~~~~~~~~
| In file included from attr_clnt.c:87:
| ./sys_defs.h:1506:12: note: previous declaration of ‘closefrom’ with
type ‘int(int)’
| 1506 | extern int closefrom(int);
| | ^~~~~~~~~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-12-31 10:24:46 -08:00
Armin kuster
95969f0f5f
dovecot: refresh patches
...
Signed-off-by: Armin kuster <akuster808@gamil.com>
2021-12-27 13:23:37 -08:00
sana kazi
fba8ff0d91
dovecot: Fix CVE-2020-12674
...
Added patch for CVE-2020-12674
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-03 12:23:42 -08:00
sana kazi
7804c8e5bd
dovecot: Fix CVE-2020-12673
...
Added patch for CVE-2020-12673
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-03 12:23:38 -08:00
sana kazi
00ad99f4f9
dovecot: Fix CVE-2020-12100
...
Added patches to fix CVE-2020-12100
Link: http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-12-03 12:23:33 -08:00
Armin Kuster
59bff77ad0
recipes: Update SRC_URI branch and protocols
...
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-11-17 12:26:21 -08:00
