85275437cd
frr: fix CVE-2024-55553
...
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the
total size of an update received via RTR exceeds the internal socket's buffer size,
default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB
for FRR routers using RTR by causing more than this number of updates during an update
interval (usually 30 minutes). Additionally, this effect regularly occurs organically.
Furthermore, an attacker can use this to trigger route validation continuously.
Given that routers with large full tables may need more than 30 minutes to fully
re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be
used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.
Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-55553 ]
[https://frrouting.org/security/cve-2024-55553/ ]
Upstream patch: backport [https://github.com/FRRouting/frr/commit/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-05-25 14:48:44 -04:00
e42549cef3
net-snmp: fix memory leak
...
Backport patch [1] to fix memory leak by freeing tclist
[1] https://github.com/net-snmp/net-snmp/commit/4bd0d9a8a2860c2c46307aef5ee1ccc69f7e3b62
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
2025-04-20 13:43:55 -04:00
77e91fceec
netplan: Fix CVE-2022-4968
...
Backport patch[1] to fix CVE-2022-4968.
[1] https://github.com/canonical/netplan/commit/4c39b75b5c6ae7d976bda6da68da60d9a7f085ee
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
2025-04-20 13:43:06 -04:00
709ab51234
corosync: fix CVE-2025-30472
...
Corosync through 3.1.9, if encryption is disabled or the attacker knows
the encryption key, has a stack-based buffer overflow in
orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-30472
Upstream patches:
https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
2025-04-20 13:42:58 -04:00
f8dddbfcbf
openvpn: renew the sample keys
...
Renew the sample keys to fix the test issue:
WARNING: Your certificate has expired!
The renewed sample keys from [1] contain binary files which can't be patched
by quilt, so archive the files into sample-keys-renew-for-the-next-10-years.tar.gz.
[1] https://github.com/OpenVPN/openvpn/commit/98e70e7
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-29 14:24:38 -04:00
66fa0288c9
chrony: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz , attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 8ffe8112f7haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-29 14:24:38 -04:00
94987c9a56
geoip: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat ;')
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit aadc2ac9dchaixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-29 14:24:38 -04:00
084df16f56
Revert "net-snmp: fix memory leak"
...
This reverts commit d0c2a3d383akuster808@gmail.com >
2025-03-20 09:56:59 -04:00
5c9db7a2b0
freediameter: fix do_fetch warning
...
Update SRC_URI to fix do_fetch warning. The SRC_URI
http://www.freediameter.net/hg/freeDiameter/archive/1.4.0.tar.gz
is not available, which has moved to
https://github.com/freeDiameter/freeDiameter.git .
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-06 09:40:20 -05:00
d0c2a3d383
net-snmp: fix memory leak
...
Backport patch [1] to fix memory leak by freeing tclist
[1] https://github.com/net-snmp/net-snmp/commit/4bd0d9a8a2860c2c46307aef5ee1ccc69f7e3b62
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-06 09:39:57 -05:00
b7dc1e8eb7
mbedtls: fix CVE-2024-28755 and CVE-2024-28836
...
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
an SSL context was reset with the mbedtls_ssl_session_reset()
API, the maximum TLS version to be negotiated was not restored
to the configured one. An attacker was able to prevent an Mbed
TLS server from establishing any TLS 1.3 connection, potentially
resulting in a Denial of Service or forced version downgrade from
TLS 1.3 to TLS 1.2.
fix indent issue in mbedtls_3.5.2.bb file.
Reference:
https://security-tracker.debian.org/tracker/CVE-2024-28755
https://security-tracker.debian.org/tracker/CVE-2024-28836
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-02-09 07:58:36 -08:00
aa423dfd81
lldpd: Fix CVE-2023-41910
...
Adds patch to backport fix for CVE-2023-41910.
Signed-off-by: Colin McAllister <colin.mcallister@garmin.com >
Change-Id: Iab619f1f5ba26b1141dffea065c90ef0b180b46e
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:04:11 -05:00
54933d4bc0
mosquitto: upgrade 2.0.19 -> 2.0.20
...
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128 .
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:59 -05:00
255faa7b69
mosquitto: upgrade 2.0.18 -> 2.0.19
...
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com >
Reviewed-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:56 -05:00
84ebedfcf4
frr: fix multiple CVEs
...
CVE-2024-27913:
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1
allows remote attackers to cause a denial of service (ospfd daemon
crash) via a malformed OSPF LSA packet, because of an attempted
access to a missing attribute field.
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge()
function in ospf_te.c in the OSPF daemon to return a NULL pointer.
In cases where calling functions do not handle the returned NULL
value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and
daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt
to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1,
there can be a buffer overflow and daemon crash in
ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read
Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID
attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-27913 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/a73e66d07329d721f26f3f336f7735de420b0183 ]
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca ]
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a ]
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4 ]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07 ]
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:00:01 -05:00
feb3793070
freeradius: upgrade 3.0.21 -> 3.0.27
...
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_27
Configuration changes:
BlastRADIUS mitigations have been added to the "security" section. See
require_message_authenticator and also limit_proxy_state.
BlastRADIUS mitigations have been added to radclient. See man radclient,
and the -b option.
Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator signature.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
[Drop CVE-2024-3596 patch backported early]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:54:19 -05:00
adf635944c
openvpn: upgrade 2.5.6 -> 2.5.11
...
License-Update: Add Apache2 linking for new commits [1]
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.5.11/Changes.rst
Security fixes:
CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn
log, or cause high CPU load.
[1] https://github.com/OpenVPN/openvpn/commit/4a89a55b8a9d6193957711bef74228796a185179
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
5782095b7b
open-vm-tools: Security fixes CVE-2023-34059
...
CVE-2023-34059:
open-vm-tools contains a file descriptor hijack vulnerability in the
vmware-user-suid-wrapper. A malicious actor with non-root privileges may
be able to hijack the /dev/uinput file descriptor allowing them to
simulate user inputs.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34059
Patch from:
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
33eb562e38
mbedtls: Upgrade 2.28.8 -> 2.28.9
...
The mbedtls 2.28.9 includes the security fix for CVE-2024-45157,
bug fixes and minor enhancements [1].
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
61b0967009
freeradius: Security fix for CVE-2024-3596
...
CVE fixed:
- CVE-2024-3596 freeradius: forgery attack
Upstream-Status: Backport from v3.0.x branch, commit range 3a00a6ecc188629b0441fd45ad61ca8986de156e..da643f1edc267ce95260dc36069e6f1a7a4d66f8
Signed-off-by: Rohini Sangam <rsangam@mvista.com >
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
82a9ac867d
squid: conditionally set status of CVE-2024-45802
...
According to [1] the ESI feature implementation in squid is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
We should not break features in LTS branch and cannot fix this problem.
So ignrore this CVE based on set PACKAGECONFIG which should remove it
from reports for most users. Thos who need ESI need to assess the risk
themselves.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
b126eb3705
openipmi: upgrade 2.0.32->2.0.36
...
2c4ab4a6c03dd014ebhttps://sourceforge.net/p/openipmi/news/
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
6936b5ad4d
wireguard-tools: clean the do_fecth warning
...
Update SRC_URI, change the protocol to https.
do_fetch warning:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL
git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if
available
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
86878f61d1
tgt: Security fix for CVE-2024-45751
...
Upstream-Status: Backport from https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd
Reference: https://ubuntu.com/security/CVE-2024-45751
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-10-13 11:13:42 -04:00
4d0efedaa6
frr: fix CVE-2024-44070
...
An issue was discovered in FRRouting (FRR) through 10.1.
bgp_attr_encap in bgpd/bgp_attr.c does not check the actual
remaining stream length before taking the TLV value.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-44070
Upstream patch:
https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-10-13 11:13:14 -04:00
07b6c57f4a
squid: Security fix CVE-2023-5824
...
References:
https://access.redhat.com/security/cve/cve-2023-5824
https://access.redhat.com/errata/RHSA-2023:7668
The patch is from RHEL8.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-22 10:12:40 -04:00
e488bc8305
tcpreplay: Fix CVE-2023-4256
...
Add patch to fix tcpreplay CVE-2023-4256
dlt_jnpr_ether_cleanup: check config before cleanup
Links:
https://github.com/appneta/tcpreplay/pull/851
https://github.com/appneta/tcpreplay/issues/813#issuecomment-2245557093
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-07-30 09:42:51 -04:00
cfcc9f9945
openvpn: fix multiple CVEs
...
CVE-2024-24974:
Previously, the VPN tool’s Windows implementation allowed remote access to
its service pipe, posing a security risk. Using compromised credentials, a
threat actor could communicate with OpenVPN to orchestrate attacks.
CVE-2024-27903:
OpenVPN has mitigated the risk by restricting plugin load. Plugins can
now only be loaded from the software’s install directory, the Windows
system directory, and the plugin_dir directory under the software’s installation.
CVE-2024-27459:
This vulnerability affects the interactive service component, potentially leading
to local privilege escalation when triggered by an oversized message.To mitigate
this risk, the VPN solution now terminates connections upon detecting excessively
large messages, preventing stack overflow exploits.
References:
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://socradar.io/openvpn-fixed-multiple-vulnerabilities-on-windows/
https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
https://community.openvpn.net/openvpn/wiki/CVE-2024-24974
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-06-27 11:21:22 -04:00
d02d0149c7
mbedtls: upgrade 2.28.7->2.28.8
...
Includes security fixes for:
CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs
Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-05-26 15:22:08 -04:00
a5000c12a2
wireshark: fix CVE-2023-6175
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
[manual fixed up]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-04-28 13:10:23 -04:00
c0fbf5751a
wireshark: Backport fix for CVE-2024-2955
...
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341 ]
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-04-28 13:10:23 -04:00
8bb1653353
dnsmasq: Upgrade 2.87 -> 2.90
...
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Changelog:
===========
https://thekelleys.org.uk/dnsmasq/CHANGELOG
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-03-25 07:11:05 -04:00
4f2d6f6a8b
openvpn: ignore CVE-2023-7235
...
This CVE is related to OpenVPN 2.x GUI on Windows.
References:
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235
https://security-tracker.debian.org/tracker/CVE-2023-7235
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-03-25 07:11:05 -04:00
fda737ec0c
mbedtls: Upgrade 3.5.0 -> 3.5.2
...
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v3.5.2/ChangeLog
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
7d07ad5700
mbedtls: upgrade 2.28.5 -> 2.28.7
...
Includes security fixes for:
CVE-2024-23170 - Timing side channel in private key RSA operations
CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
License updated to dual Apache-2.0 OR GPL-2.0-or-later.
Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
5800571ad7
squid: Backport fix for CVE-2023-49286 and CVE-2023-50269
...
import patches from ubuntu to fix
CVE-2023-49286
CVE-2023-50269
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
&
https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d ]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
667850f086
postfix: Backport fix for CVE-2023-51764
...
Import patches from ubuntu launchpad fix CVE-2023-51764
Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3 ]
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
f81b181933
squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846
...
import patches from ubuntu to fix
CVE-2023-46728
CVE-2023-46846
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
&
https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270
&
https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d ]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
5f46d71fca
wireshark: Fix for CVE-2023-4511
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
182c4742c6
radvd: add '--shell /sbin/nologin' to /etc/passwd
...
the default setting USERADD_PARAM of yocto:
-s /bin/sh
follow redhat policy:
radvd/redhat/systemd/radvd.spec
useradd ... -s /sbin/nologin ...
Signed-off-by: Li Wang <li.wang@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
c5008af2c5
samba: fix CVE-2023-0922
...
The Samba AD DC administration tool, when operating against a remote LDAP server,
will by default send new or reset passwords over a signed-only connection.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-0922
Upstream patches:
https://github.com/samba-team/samba/commit/04e5a7eb03a
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
dbb7b798f9
samba: fix CVE-2018-14628
...
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted
objects in the LDAP store.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
cda1751e2e
wireshark: fix CVE-2024-0208 GVCP dissector crash
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
b72149572d
squid: Backport fix for CVE-2023-49285
...
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b ]
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:40 -05:00
ce9c0d7617
strongswan: upgrade 5.9.12 -> 5.9.13
...
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5be2e20157akuster808@gmail.com >
(cherry picked from commit b135007c8ff43c18dd0593b5115d46dc6362675f)
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-05 07:37:06 -05:00
730e44900a
proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
9843839b23
samba: fix CVE-2023-42669
...
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows
RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems
from an RPC function that can be blocked indefinitely. The issue arises because
the "rpcecho" service operates with only one worker in the main RPC task, allowing
calls to the "rpcecho" server to be blocked for a specified time, causing service
disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()"
function under specific conditions. Authenticated users or attackers can exploit this
vulnerability to make calls to the "rpcecho" server, requesting it to block for a
specified duration, effectively disrupting most services and leading to a complete
denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs
in the main RPC task.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42669
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
dd23a99303
strongswan: upgrade 5.9.6 -> 5.9.12
...
* Drop backport patch 0001-enum-Fix-compiler-warning.patch.
* Drop backport patch CVE-2022-40617.patch
* Update RDEPENDS to fix strongswan startup failures:
plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available
plugin 'fips-prf': failed to load - fips_prf_plugin_create not found and no plugin file available
plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available
* Drop PACKAGECONFIG[scep] as scepclient has been removed.
* Add plugin-gcm to RDEPENDS as gcm plugin has been added to the default
plugins.
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8
https://github.com/strongswan/strongswan/releases/tag/5.9.9
https://github.com/strongswan/strongswan/releases/tag/5.9.10
https://github.com/strongswan/strongswan/releases/tag/5.9.11
https://github.com/strongswan/strongswan/releases/tag/5.9.12
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
52e23d3fcd
wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
e80ffdd368
wireshark: fix CVE-2023-1992 RPCoRDMA dissector crash
...
Upstream-Status: Backport from https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
Zhang Peng
Jinfeng Wang
Jiaying Song
Haixiao Yan
Wang Mingyu
Armin Kuster
Yogita Urade
Colin McAllister
Fabrice Aeschbacher
Yi Zhao
Mingli Yu
Rohini Sangam
Peter Marko
Vijay Anusuri
Divya Chellam
Poonam Jadhav
Meenali Gupta
Hitendra Prajapati
Ashish Sharma
Soumya Sambu
Li Wang
Archana Polampalli
Vivek Kumbhar