aa423dfd81
lldpd: Fix CVE-2023-41910
...
Adds patch to backport fix for CVE-2023-41910.
Signed-off-by: Colin McAllister <colin.mcallister@garmin.com >
Change-Id: Iab619f1f5ba26b1141dffea065c90ef0b180b46e
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-31 09:04:11 -05:00
54933d4bc0
mosquitto: upgrade 2.0.19 -> 2.0.20
...
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128 .
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:59 -05:00
255faa7b69
mosquitto: upgrade 2.0.18 -> 2.0.19
...
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com >
Reviewed-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
2024-12-31 08:59:56 -05:00
84ebedfcf4
frr: fix multiple CVEs
...
CVE-2024-27913:
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1
allows remote attackers to cause a denial of service (ospfd daemon
crash) via a malformed OSPF LSA packet, because of an attempted
access to a missing attribute field.
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge()
function in ospf_te.c in the OSPF daemon to return a NULL pointer.
In cases where calling functions do not handle the returned NULL
value, the OSPF daemon crashes, leading to denial of service.
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and
daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt
to read Segment Routing subTLVs (their size is not validated).
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1,
there can be a buffer overflow and daemon crash in
ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read
Segment Routing Adjacency SID subTLVs (lengths are not validated).
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID
attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-27913 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950 ]
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/a73e66d07329d721f26f3f336f7735de420b0183 ]
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca ]
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a ]
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4 ]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07 ]
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 15:00:01 -05:00
feb3793070
freeradius: upgrade 3.0.21 -> 3.0.27
...
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_27
Configuration changes:
BlastRADIUS mitigations have been added to the "security" section. See
require_message_authenticator and also limit_proxy_state.
BlastRADIUS mitigations have been added to radclient. See man radclient,
and the -b option.
Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator signature.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
[Drop CVE-2024-3596 patch backported early]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:54:19 -05:00
adf635944c
openvpn: upgrade 2.5.6 -> 2.5.11
...
License-Update: Add Apache2 linking for new commits [1]
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.5.11/Changes.rst
Security fixes:
CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn
log, or cause high CPU load.
[1] https://github.com/OpenVPN/openvpn/commit/4a89a55b8a9d6193957711bef74228796a185179
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
5782095b7b
open-vm-tools: Security fixes CVE-2023-34059
...
CVE-2023-34059:
open-vm-tools contains a file descriptor hijack vulnerability in the
vmware-user-suid-wrapper. A malicious actor with non-root privileges may
be able to hijack the /dev/uinput file descriptor allowing them to
simulate user inputs.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34059
Patch from:
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
33eb562e38
mbedtls: Upgrade 2.28.8 -> 2.28.9
...
The mbedtls 2.28.9 includes the security fix for CVE-2024-45157,
bug fixes and minor enhancements [1].
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
61b0967009
freeradius: Security fix for CVE-2024-3596
...
CVE fixed:
- CVE-2024-3596 freeradius: forgery attack
Upstream-Status: Backport from v3.0.x branch, commit range 3a00a6ecc188629b0441fd45ad61ca8986de156e..da643f1edc267ce95260dc36069e6f1a7a4d66f8
Signed-off-by: Rohini Sangam <rsangam@mvista.com >
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:39:17 -05:00
82a9ac867d
squid: conditionally set status of CVE-2024-45802
...
According to [1] the ESI feature implementation in squid is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
We should not break features in LTS branch and cannot fix this problem.
So ignrore this CVE based on set PACKAGECONFIG which should remove it
from reports for most users. Thos who need ESI need to assess the risk
themselves.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
b126eb3705
openipmi: upgrade 2.0.32->2.0.36
...
2c4ab4a6c03dd014ebhttps://sourceforge.net/p/openipmi/news/
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
6936b5ad4d
wireguard-tools: clean the do_fecth warning
...
Update SRC_URI, change the protocol to https.
do_fetch warning:
WARNING: wireguard-tools-1.0.20210914-r0 do_fetch: Failed to fetch URL
git://git.zx2c4.com/wireguard-tools;branch=master, attempting MIRRORS if
available
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-08 14:38:16 -05:00
86878f61d1
tgt: Security fix for CVE-2024-45751
...
Upstream-Status: Backport from https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd
Reference: https://ubuntu.com/security/CVE-2024-45751
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-10-13 11:13:42 -04:00
4d0efedaa6
frr: fix CVE-2024-44070
...
An issue was discovered in FRRouting (FRR) through 10.1.
bgp_attr_encap in bgpd/bgp_attr.c does not check the actual
remaining stream length before taking the TLV value.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-44070
Upstream patch:
https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-10-13 11:13:14 -04:00
07b6c57f4a
squid: Security fix CVE-2023-5824
...
References:
https://access.redhat.com/security/cve/cve-2023-5824
https://access.redhat.com/errata/RHSA-2023:7668
The patch is from RHEL8.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-09-22 10:12:40 -04:00
e488bc8305
tcpreplay: Fix CVE-2023-4256
...
Add patch to fix tcpreplay CVE-2023-4256
dlt_jnpr_ether_cleanup: check config before cleanup
Links:
https://github.com/appneta/tcpreplay/pull/851
https://github.com/appneta/tcpreplay/issues/813#issuecomment-2245557093
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-07-30 09:42:51 -04:00
cfcc9f9945
openvpn: fix multiple CVEs
...
CVE-2024-24974:
Previously, the VPN tool’s Windows implementation allowed remote access to
its service pipe, posing a security risk. Using compromised credentials, a
threat actor could communicate with OpenVPN to orchestrate attacks.
CVE-2024-27903:
OpenVPN has mitigated the risk by restricting plugin load. Plugins can
now only be loaded from the software’s install directory, the Windows
system directory, and the plugin_dir directory under the software’s installation.
CVE-2024-27459:
This vulnerability affects the interactive service component, potentially leading
to local privilege escalation when triggered by an oversized message.To mitigate
this risk, the VPN solution now terminates connections upon detecting excessively
large messages, preventing stack overflow exploits.
References:
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://socradar.io/openvpn-fixed-multiple-vulnerabilities-on-windows/
https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
https://community.openvpn.net/openvpn/wiki/CVE-2024-24974
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-06-27 11:21:22 -04:00
d02d0149c7
mbedtls: upgrade 2.28.7->2.28.8
...
Includes security fixes for:
CVE-2024-28960 - Insecure handling of shared memory in PSA Crypto APIs
Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-05-26 15:22:08 -04:00
a5000c12a2
wireshark: fix CVE-2023-6175
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
[manual fixed up]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-04-28 13:10:23 -04:00
c0fbf5751a
wireshark: Backport fix for CVE-2024-2955
...
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/6fd3af5e999c71df67c2cdcefb96d0dc4afa5341 ]
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-04-28 13:10:23 -04:00
8bb1653353
dnsmasq: Upgrade 2.87 -> 2.90
...
Fixes CVE-2023-50387 and CVE-2023-50868
Remove backported CVE patch.
Remove patch for lua as hardcoding lua version was removed.
Changelog:
===========
https://thekelleys.org.uk/dnsmasq/CHANGELOG
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-03-25 07:11:05 -04:00
4f2d6f6a8b
openvpn: ignore CVE-2023-7235
...
This CVE is related to OpenVPN 2.x GUI on Windows.
References:
https://community.openvpn.net/openvpn/wiki/CVE-2023-7235
https://security-tracker.debian.org/tracker/CVE-2023-7235
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-03-25 07:11:05 -04:00
fda737ec0c
mbedtls: Upgrade 3.5.0 -> 3.5.2
...
* Includes security fix for CVE-2024-23170 - Timing side channel in private key RSA operations
* Includes security fix for CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
Use canonical URL, add UPSTREAM_CHECK_GITTAGREGEX.
License-update: Upstream clarified licensing as dual Apache-2.0 or GPL-2.0 or later
Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v3.5.2/ChangeLog
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
7d07ad5700
mbedtls: upgrade 2.28.5 -> 2.28.7
...
Includes security fixes for:
CVE-2024-23170 - Timing side channel in private key RSA operations
CVE-2024-23775 - Buffer overflow in mbedtls_x509_set_extension()
License updated to dual Apache-2.0 OR GPL-2.0-or-later.
Changelog:
https://github.com/Mbed-TLS/mbedtls/blob/v2.28.7/ChangeLog
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
5800571ad7
squid: Backport fix for CVE-2023-49286 and CVE-2023-50269
...
import patches from ubuntu to fix
CVE-2023-49286
CVE-2023-50269
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
&
https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d ]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-28 08:18:18 -05:00
667850f086
postfix: Backport fix for CVE-2023-51764
...
Import patches from ubuntu launchpad fix CVE-2023-51764
Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3 ]
Signed-off-by: Ashish Sharma <asharma@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
f81b181933
squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846
...
import patches from ubuntu to fix
CVE-2023-46728
CVE-2023-46846
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
&
https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270
&
https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d ]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
5f46d71fca
wireshark: Fix for CVE-2023-4511
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
182c4742c6
radvd: add '--shell /sbin/nologin' to /etc/passwd
...
the default setting USERADD_PARAM of yocto:
-s /bin/sh
follow redhat policy:
radvd/redhat/systemd/radvd.spec
useradd ... -s /sbin/nologin ...
Signed-off-by: Li Wang <li.wang@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
c5008af2c5
samba: fix CVE-2023-0922
...
The Samba AD DC administration tool, when operating against a remote LDAP server,
will by default send new or reset passwords over a signed-only connection.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-0922
Upstream patches:
https://github.com/samba-team/samba/commit/04e5a7eb03a
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
dbb7b798f9
samba: fix CVE-2018-14628
...
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted
objects in the LDAP store.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
cda1751e2e
wireshark: fix CVE-2024-0208 GVCP dissector crash
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:41 -05:00
b72149572d
squid: Backport fix for CVE-2023-49285
...
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b ]
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-07 18:41:40 -05:00
ce9c0d7617
strongswan: upgrade 5.9.12 -> 5.9.13
...
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 5be2e20157akuster808@gmail.com >
(cherry picked from commit b135007c8ff43c18dd0593b5115d46dc6362675f)
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-02-05 07:37:06 -05:00
730e44900a
proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
9843839b23
samba: fix CVE-2023-42669
...
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows
RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems
from an RPC function that can be blocked indefinitely. The issue arises because
the "rpcecho" service operates with only one worker in the main RPC task, allowing
calls to the "rpcecho" server to be blocked for a specified time, causing service
disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()"
function under specific conditions. Authenticated users or attackers can exploit this
vulnerability to make calls to the "rpcecho" server, requesting it to block for a
specified duration, effectively disrupting most services and leading to a complete
denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs
in the main RPC task.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42669
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
dd23a99303
strongswan: upgrade 5.9.6 -> 5.9.12
...
* Drop backport patch 0001-enum-Fix-compiler-warning.patch.
* Drop backport patch CVE-2022-40617.patch
* Update RDEPENDS to fix strongswan startup failures:
plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available
plugin 'fips-prf': failed to load - fips_prf_plugin_create not found and no plugin file available
plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available
* Drop PACKAGECONFIG[scep] as scepclient has been removed.
* Add plugin-gcm to RDEPENDS as gcm plugin has been added to the default
plugins.
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8
https://github.com/strongswan/strongswan/releases/tag/5.9.9
https://github.com/strongswan/strongswan/releases/tag/5.9.10
https://github.com/strongswan/strongswan/releases/tag/5.9.11
https://github.com/strongswan/strongswan/releases/tag/5.9.12
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
52e23d3fcd
wireshark: fix CVE-2022-4345 multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
e80ffdd368
wireshark: fix CVE-2023-1992 RPCoRDMA dissector crash
...
Upstream-Status: Backport from https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-01-12 07:14:16 -05:00
402affcc07
squid: fix CVE-2023-46847 Denial of Service in HTTP Digest Authentication
...
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-12-13 13:35:51 -05:00
ad3dc46c87
samba: fix CVE-2023-4091
...
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091
Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().
Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-12-13 13:35:51 -05:00
cdab5037c9
frr: Fix for multiple CVE's
...
Backport the below CVE fixes.
CVE-2023-38406: https://security-tracker.debian.org/tracker/CVE-2023-38406
CVE-2023-38407: https://security-tracker.debian.org/tracker/CVE-2023-38407
CVE-2023-46752: https://security-tracker.debian.org/tracker/CVE-2023-46752
CVE-2023-46753: https://security-tracker.debian.org/tracker/CVE-2023-46753
CVE-2023-47234: https://security-tracker.debian.org/tracker/CVE-2023-47234
CVE-2023-47235: https://security-tracker.debian.org/tracker/CVE-2023-47235
Signed-off-by: Narpat Mali <narpat.mali@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-12-13 13:35:51 -05:00
866d658c9e
meta-networking: Drop broken BBCLASSEXTEND variants
...
The command "bitbake universe -c fetch" currently throws a ton of warnings
as there are many 'impossible' dependencies.
In some cases these variants may never have worked and were just added by copy
and paste of recipes. In some cases they once clearly did work but became
broken somewhere along the way. Users may also be carrying local bbappend files
which add further BBCLASSEXTEND.
Having universe fetch work without warnings is desireable so clean up the broken
variants. Anyone actually needing something dropped here can propose adding it
and the correct functional dependencies back quite easily. This also then
ensures we're not carrying or fixing things nobody uses.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit e1b332f2efyoann.congal@smile.fr >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-11-17 10:48:54 -05:00
a7e6f56a68
traceroute: upgrade 2.1.0 -> 2.1.3
...
This upgrade incorporates the CVE-2023-46316 fix and other bug fixes.
Changelog:
----------
- Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
- Return back more robast poll(2) loop handling.
- Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1 (Eric Dumazet, SF bug #14 )
- Fix command line parsing in wrappers.
References:
https://security-tracker.debian.org/tracker/CVE-2023-46316
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-11-14 18:50:30 -05:00
65cacf8258
open-vm-tools: fix CVE-2023-34058
...
A flaw was found in open-vm-tools. This flaw allows a malicious actor that
has been granted Guest Operation Privileges in a target virtual machine to
elevate their privileges if that target virtual machine has been assigned
a more privileged Guest Alias.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-34058
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
[minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-11-14 18:49:53 -05:00
0b1520a35c
open-vm-tools: fix CVE-2023-20900
...
A malicious actor that has been granted Guest Operation Privileges
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID
-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine
may be able to elevate their privileges if that target virtual machine
has been assigned a more privileged Guest Alias https://vdc-download .
vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31
e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-20900
https://security-tracker.debian.org/tracker/CVE-2023-20900
Signed-off-by: Narpat Mali <narpat.mali@windriver.com >
[Minor fixup]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-11-14 18:44:48 -05:00
579558c87f
mbedtls: upgrade 3.4.0 -> 3.5.0
...
* Includes security fix for CVE-2023-43615 - Buffer overread in TLS stream cipher suites
* Includes security fix for CVE-2023-45199 - Buffer overflow in TLS handshake parsing with ECDH
* Includes aesce compilation fixes
Full changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
The extra patch fixes x86 32-bit builds.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-11-03 10:49:47 -04:00
79a6f60dab
mbedtls: upgrade 2.28.2 -> 2.28.5
...
This release includes security fix for CVE-2023-43615.
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
[Minor tweak to get it to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-10-17 09:07:38 -04:00
1d0d7f6e77
mbedtls: set up /usr/bin/hello as alternative
...
As mbedtls installs this rather generically-named /usr/bin/hello binary,
it conflicts with the one provided by lmbench, hence set it up as an
alternative to avoid conflicts when both are installed to rootfs or SDK.
Signed-off-by: Denys Dmytriyenko <denis@denix.org >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-10-17 08:52:32 -04:00
8808a69b6c
mosquitto: add missing Upstream-Status
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2023-10-17 08:51:15 -04:00
Colin McAllister
Wang Mingyu
Fabrice Aeschbacher
Zhang Peng
Haixiao Yan
Yi Zhao
Mingli Yu
Rohini Sangam
Peter Marko
Jiaying Song
Vijay Anusuri
Divya Chellam
Poonam Jadhav
Meenali Gupta
Yogita Urade
Hitendra Prajapati
Ashish Sharma
Soumya Sambu
Li Wang
Archana Polampalli
Vivek Kumbhar
Narpat Mali
Richard Purdie
Beniamin Sandu
Yi Zhao
Denys Dmytriyenko
Martin Jansa