Stefan Ghinea 3f9340a924 mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393

Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2ab113e8be)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-03-21 14:37:51 -04:00
contrib pw-am.sh: update to new patchwork system 2022-02-28 08:39:26 -08:00
meta-filesystems aufs-util: Fix build with large file support enabled systems 2022-12-20 10:34:28 -05:00
meta-gnome gnome-text-editor: Add missing libpcre build time dependency 2022-11-25 10:48:25 -05:00
meta-initramfs meta-openembedded: Add myself as langdale maintainer 2022-10-22 15:59:34 -07:00
meta-multimedia mpd: Upgrade to 0.23.12 release 2023-03-04 07:24:09 -05:00
meta-networking mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393 2023-03-21 14:37:51 -04:00
meta-oe nodejs: Upgrade 16.19.0 -> 16.19.1 2023-03-12 11:51:57 -04:00
meta-perl meta-openembedded: Add myself as langdale maintainer 2022-10-22 15:59:34 -07:00
meta-python python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES 2023-02-22 16:11:27 -05:00
meta-webserver apache2: upgrade 2.4.55 -> 2.4.56 2023-03-16 08:04:05 -04:00
meta-xfce xfce4-verve-plugin: fix do_configure failure about missing libpcre 2022-11-25 10:48:09 -05:00
.gitignore .gitignore: add *.pyc and *.pyo 2019-06-15 16:45:33 -07:00
COPYING.MIT
README meta-openembedded: Add myself as langdale maintainer 2022-10-22 15:59:34 -07:00

Collection of layers for the OE-core universe

Main layer maintainer: Armin Kuster <akuster808@gmail.com>

This repository is a collection of layers to supplement OE-Core
with additional packages. Each layer has a designated maintainer.
Please see the respective READMEs in the layer subdirectories.