CVE-2022-39836:
An issue was discovered in Connected Vehicle Systems Alliance (COVESA)
dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted
DLT file that crashes the process can be created. This is due to missing
validation checks. There is a heap-based buffer over-read of one byte.
CVE-2022-39837:
An issue was discovered in Connected Vehicle Systems Alliance (COVESA)
dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted
DLT file that crashes the process can be created. This is due to missing
validation checks. There is a NULL pointer dereference.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-39836
https://nvd.nist.gov/vuln/detail/CVE-2022-39837
Upstream patch:
https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Redis is an open source, in-memory database that persists on disk.
An authenticated user may use a specially crafted Lua script to
manipulate the garbage collector and potentially lead to remote
code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17.
An additional workaround to mitigate the problem without patching
the redis-server executable is to prevent users from executing Lua
scripts. This can be done using ACL to restrict EVAL and EVALSHA
commands.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-46981
Upstream-patch:
https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
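The ACL workaround named in the advisory above, as an added example that is not part of the commit message or of the Redis project: a users.acl file (loaded through the `aclfile` directive in redis.conf) in which the application user keeps normal key access but is denied EVAL and EVALSHA. The user names, password placeholders and key pattern are constructed for illustration.

```conf
# users.acl: constructed example, not the project's own configuration.
# Enable with the line   aclfile /etc/redis/users.acl   in redis.conf,
# then reload with   ACL LOAD   (or restart redis-server).

# Disable the implicit "default" user so unconfigured clients get nothing.
user default off

# Application user: full access to its own key space, but the two commands
# named in the advisory are removed again after +@all. ACL rules are applied
# left to right, so the later -eval/-evalsha win over the earlier +@all.
user app on >REPLACE_WITH_STRONG_PASSWORD ~app:* &* +@all -eval -evalsha

# Only an operator account keeps scripting, and only it.
user ops on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all
```

`-@scripting` in place of `-eval -evalsha` drops the whole scripting category in one rule; `ACL GETUSER app` shows the effective rule set so the restriction can be checked before relying on it. The advisory presents this as a mitigation for hosts that cannot be patched yet, not as a substitute for moving to 7.4.2, 7.2.7 or 6.2.17.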
Redis is an open source, in-memory database that persists on disk.
Authenticated users can trigger a denial-of-service by using specially
crafted, long string match patterns on supported commands such as
`KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL
definitions. Matching of extremely long patterns may result in
unbounded recursion, leading to stack overflow and process crash.
This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1.
Users are advised to upgrade. There are no known workarounds for this
vulnerability.
References:
https://security-tracker.debian.org/tracker/CVE-2024-31228
Upstream-patch:
https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Redis is an in-memory database that persists on disk. On startup,
Redis begins listening on a Unix socket before adjusting its
permissions to the user-provided configuration. If a permissive
umask(2) is used, this creates a race condition that enables,
during a short period of time, another process to establish an
otherwise unauthorized connection. This problem has existed
since Redis 2.6.0-RC1. This issue has been addressed in Redis
versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade.
For users unable to upgrade, it is possible to work around the
problem by disabling Unix sockets, starting Redis with a restrictive
umask, or storing the Unix socket file in a protected directory.
Reference:
https://security-tracker.debian.org/tracker/CVE-2023-45145
Upstream-patch:
https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
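The three workarounds listed above (protected socket directory, restrictive umask, or no Unix socket at all), as an added example that is not part of the commit message or of the Redis project: a redis.conf fragment plus a systemd drop-in. Paths, the service name and the redis user/group are assumptions for this example.

```conf
# /etc/redis/redis.conf (fragment): constructed example, not the project's own.
# Keep the socket in a directory only the redis user and group can enter, so the
# short window before the mode is adjusted is not reachable by other processes.
unixsocket /run/redis/redis.sock
unixsocketperm 660
# Alternative: leave "unixsocket" unset and Redis listens on TCP only.

# /etc/systemd/system/redis.service.d/socket-hardening.conf (drop-in)
[Service]
User=redis
Group=redis
# Restrictive umask for the process that creates the socket inode.
UMask=0077
# systemd creates /run/redis with this owner and mode before the service starts.
RuntimeDirectory=redis
RuntimeDirectoryMode=0750
```

After `systemctl daemon-reload` and a restart, `ls -ld /run/redis` and `ls -l /run/redis/redis.sock` confirm that neither the directory nor the socket is reachable by "other". The umask setting closes the window described in the advisory on its own; the protected directory is belt and braces for the case where the umask is later relaxed.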
CVE-2024-1454:
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages,
occurring in the card enrolment process using pkcs15-init when a user or administrator
enrols or modifies cards. An attacker must have physical access to the computer system
and requires a crafted USB device or smart card to present the system with specially
crafted responses to the APDUs, which are considered high complexity and low severity.
This manipulation can allow for compromised card management operations during enrolment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-1454]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Picked patches according to
http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt
First patch is style commit picked to have a clean cherry-pick of all
mentioned commits without any conflict.
Patch CVE-2024-3596_03.patch was removed as it only patched
wpa_supplicant. The patch names were not changed so it is comparable
with wpa_supplicant recipe.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Backport patch with tweaks for the current version to fix
CVE-2024-7254.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE-2023-52160:
The implementation of PEAP in wpa_supplicant through 2.10 allows
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-52160
Patch from:
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
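The precondition named in the advisory above is a wpa_supplicant configuration that does not verify the server certificate in Phase 1. As an added example that is not part of the commit message or of the hostap project, here is that weak network block beside a hardened one; SSID, identity, CA file path and server name are placeholders.

```conf
# wpa_supplicant.conf: constructed example, not the project's own configuration.

# Weak form (do not use): no ca_cert, so any TLS server certificate is accepted
# in Phase 1 and the bypass described in the advisory becomes reachable.
#network={
#    ssid="CorpWiFi"
#    key_mgmt=WPA-EAP
#    eap=PEAP
#    identity="alice@example.com"
#    password="REPLACE_ME"
#    phase2="auth=MSCHAPV2"
#}

# Hardened form: the server certificate must chain to the named CA and carry
# the expected name, so an impersonating network fails Phase 1 outright.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.com"
    password="REPLACE_ME"
    # Phase 1: CA that issued the RADIUS server certificate.
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    # Reject servers whose certificate does not carry this name, even if it
    # chains to the same CA.
    domain_match="radius.example.com"
    # Phase 2 inner method.
    phase2="auth=MSCHAPV2"
}
```

wpa_supplicant logs a warning when a network block has no `ca_cert`; with `ca_cert` and `domain_match` set, a certificate from the wrong issuer or with the wrong name terminates the handshake before Phase 2 is ever reached, independent of the fix in the referenced commit.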
Branches used in langdale, mickledore, nanbield were re-written in upstream :(, fixes were sent to meta-oe:
langdale: https://lists.openembedded.org/g/openembedded-devel/message/107533
mickledore: https://lists.openembedded.org/g/openembedded-devel/message/107531
merged in:
https://git.openembedded.org/meta-openembedded/commit/?h=mickledore&id=b0d67900ae9e8911f734c25c0674fe55df8cd188
nanbield: https://lists.openembedded.org/g/openembedded-devel/message/107532
merged in:
https://git.openembedded.org/meta-openembedded/commit/?h=nanbield&id=2da6e1b0e43a8993fd422fee3f83940100b59f4c
fix for langdale wasn't ever fixed because it was sent after langdale
was already EOL, but looks like the version used in kirkstone got
broken recently as well, because master branch was removed:
poco/1.11.2-r0/git $ git branch -a --contains 9d1c428c861f2e5ccf09149bbe8d2149720c5896
* master
...
remotes/origin/dev-task-test-diag
remotes/origin/devel
remotes/origin/feat/acceptor-service-handler-args
remotes/origin/fix/posix-sleep
remotes/origin/issue-templates
remotes/origin/master
remotes/origin/poco-1.12.0
remotes/origin/poco-1.12.1
remotes/origin/poco-1.12.2
remotes/origin/poco-1.12.3
remotes/origin/poco-1.12.4
remotes/origin/poco-1.12.5
remotes/origin/poco-1.12.6
remotes/origin/poco-1.9.5-not-released
remotes/origin/poll-closed-server-test
remotes/origin/upgrade-ci-actions-to-v3
poco/1.11.2-r0/git $ git remote prune origin
Pruning origin
URL: https://github.com/pocoproject/poco.git
...
* [pruned] origin/android-ndk-action
* [pruned] origin/develop
* [pruned] origin/feat/wepoll
* [pruned] origin/fix/PollSet-race
* [pruned] origin/fix/swap-noexcept
* [pruned] origin/master
* [pruned] origin/poco-1.10.2
* [pruned] origin/poco-1.9.5
refs/remotes/origin/HEAD has become dangling!
poco/1.11.2-r0/git $ git branch -a --contains 9d1c428c861f2e5ccf09149bbe8d2149720c5896
* master
...
remotes/origin/dev-task-test-diag
remotes/origin/devel
remotes/origin/discourage-using-configure-and-make
remotes/origin/feat/acceptor-service-handler-args
remotes/origin/feat/json-logging
remotes/origin/fix/posix-sleep
remotes/origin/issue-templates
remotes/origin/main
remotes/origin/master-pre-1.13.0
remotes/origin/master-unused
remotes/origin/openssl_fix
remotes/origin/poco-1.12.0
remotes/origin/poco-1.12.1
remotes/origin/poco-1.12.2
remotes/origin/poco-1.12.3
remotes/origin/poco-1.12.4
remotes/origin/poco-1.12.5
remotes/origin/poco-1.12.6
remotes/origin/poco-1.13.0
remotes/origin/poco-1.13.1
remotes/origin/poco-1.13.2
remotes/origin/poco-1.13.3
remotes/origin/poco-1.13.4
remotes/origin/poco-1.9.5-not-released
remotes/origin/poll-closed-server-test
remotes/origin/release-1.14-changelog-authors
remotes/origin/search-support
remotes/origin/upgrade-ci-actions-to-v3
Switch to the main branch, which is the most common and the least surprising.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* it was updated in nanbield with upgrade to 3.0.5 in:
fc0a506bde libjs-jquery-cookie: upgrade 3.0.1 -> 3.0.5
* drop duplicated protocol param as in mickledore:
2e0a581bee recipes: Remove double protocol= from SRC_URIs
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes
DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13
pipes is an alias for shlex therefore switch to using shlex
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The branch names of several upstream repos have been changed, thus we
update the recipe to avoid fetching failure.
Signed-off-by: Ramax Lo <ramaxlo@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>