CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,983 Commits 63 Branches 0 Tags 91 MiB
BitBake 71.9%
C++ 6.9%
Shell 6.5%
C 3.2%
Roff 2.3%
Other 9%
aeae0a34cf
Go to file
Li Wang aeae0a34cf apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 
CVE-2020-13950:
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be
made to crash (NULL pointer dereference) with specially crafted
requests using both Content-Length and Transfer-Encoding headers,
leading to a Denial of Service

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-13950

Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
8c162db8b6

CVE-2020-35452:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest nonce can cause a stack overflow in
mod_auth_digest. There is no report of this overflow
being exploitable, nor the Apache HTTP Server team could
create one, though some particular compiler and/or
compilation option might make it possible, with limited
consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-35452

Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2020-35452
3b6431eb9c

CVE-2021-26690:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie header handled by mod_session can cause
a NULL pointer dereference and crash, leading to a
possible Denial Of Service

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26690

Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2021-26690
67bd9bfe6c

CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a
specially crafted SessionHeader sent by an origin server
could cause a heap overflow

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26691

Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966732
7e09dd714f

CVE-2021-30641:
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behavior with 'MergeSlashes OFF'

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30641

Upstream patches:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
6141d5aa3f

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 70b1aa0a4c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-10 21:15:33 -07:00
contrib tesseract: upgrade to 3.04 2016-10-21 18:20:43 +02:00
meta-filesystems fuse: Whitelisted CVE-2019-14860 2021-05-14 10:03:51 -07:00
meta-gnome gedit: Inherit python3targetconfig 2021-02-19 07:17:12 -08:00
meta-initramfs ubi-utils-klibc: Remove trailing slash from S 2020-11-09 18:56:22 -08:00
meta-multimedia libupnp: Fix CVE-2020-13848 2021-04-23 19:13:09 -07:00
meta-networking dovecot: add CVE-2016-4983 to allowlist 2021-07-06 07:50:13 -07:00
meta-oe nss: Fix build on Centos 7 2021-06-06 20:42:32 -07:00
meta-perl libnet-dns-perl: upgrade 1.23 -> 1.24 2020-06-12 09:32:24 -07:00
meta-python python3-django: upgrade 2.2.23 -> 2.2.24 2021-07-05 15:25:06 -07:00
meta-webserver apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 2021-07-10 21:15:33 -07:00
meta-xfce thunar: upgrade 1.8.14 -> 1.8.15 2020-05-28 21:50:13 -07:00
.gitignore .gitignore: add *.pyc and *.pyo 2019-06-15 16:45:33 -07:00
COPYING.MIT add README and license for this layer 2011-02-13 16:47:32 +01:00
README README: updated Maintainers list for Dunfell 2020-05-05 16:47:34 -07:00

README 

Collection of layers for the OE-core universe

dunfell maintainer: Armin Kuster  <akuster808@gmail.com>

This repository is a collection of layers to suppliment OE-Core
with additional packages, Each layer have designated maintainer
Please see the respective READMEs in the layer subdirectories