Rajeshkumar Ramasamy
46091f4925
open-vm-tools: fix CVE-2025-41244
...
VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. A malicious local actor with non-administrative
privileges having access to a VM with VMware Tools installed and managed
by Aria Operations with SDMP enabled may exploit this vulnerability
to escalate privileges to root on the same VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
Upstream-patch:
https://github.com/vmware/open-vm-tools/commit/7ed196cf01f8acd09011815a605b6733894b8aab
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-30 14:43:30 +08:00
Gyorgy Sarvari
065ff23049
dovecot: patch CVE-2022-30550
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550
Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:53 +08:00
Gyorgy Sarvari
64981bc057
civetweb: patch CVE-2025-55763
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763
Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-10-06 16:10:34 +08:00
Khem Raj
adcb6e9841
ssmping: Use debian mirror for SRC_URI
...
Original URI is not accessible anymore
Drop md5sum
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit ceb9160341 )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:15 +08:00
Wang Mingyu
9a3078e6fe
rp-pppoe: update SRC_URI
...
Upstream repository url changed.
Fixes unsuccessful fetch warning.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit c400aca52a )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:15 +08:00
Jeroen Knoops
429e7401a2
nng: Rename default branch of github.com:nanomsg/nng.git
...
Default branch is renamed from `master` to `main`. Commit SHAs are the
same.
Signed-off-by: Jeroen Knoops <jeroen.knoops@philips.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 58679b6a51 )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:14 +08:00
Wang Mingyu
371879bee7
geoip: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
ERROR: geoip-1.6.12-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'http://sources.openembedded.org/GeoIP.dat.20181205.gz;apply=no;name=GeoIP-dat ;')
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit aadc2ac9dc )
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com >
2025-09-23 16:30:14 +08:00
kjlau0112
c29a18fa39
mbedtls: drop tag parameter from SRC_URI.
...
Signed-off-by: kjlau0112 <karn.jye.lau@intel.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
2025-08-18 08:35:05 -07:00
Peter Marko
ba84c52d55
libcoap: patch CVE-2024-31031
...
Pick commit [1] from [2] which fixes [3] as listed in [4].
[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Hitendra Prajapati
21e370fd3c
open-vm-tools: fix CVE-2025-22247
...
VMware Tools contains an insecure file handling vulnerability.
A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247
Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Guðni Már Gilbert
2c9126bd0d
mbedtls: upgrade 3.6.3.1 -> 3.6.4
...
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087
The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)
Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4
[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:37:04 -04:00
Wang Mingyu
6dedea4262
mbedtls: upgrade 3.6.3 -> 3.6.3.1
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:34:07 -04:00
Jinfeng Wang
fb6424156a
postfix: fix rootfs file difference
...
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:14 -04:00
Vijay Anusuri
1e80bb4b03
proftpd: Fix CVE-2023-51713
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592
Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&id=730e44900a0a86265bad93a16b5a5ff344a07266
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-08-02 13:13:06 -04:00
Archana Polampalli
4a58c21334
tcpreplay: fix CVE-2024-22654
...
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:13:26 -04:00
Vijay Anusuri
6885bcddd4
wireshark: upgrade 4.2.9 -> 4.2.12
...
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.11.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.10.html
Includes security fix CVE-2025-5601
License-Update: Update GPL copies for FSF no longer having an address
Link: https://github.com/wireshark/wireshark/commit/18e4db97c424c11cb26fa7fef97b95dd3d001bb1
The 4.2.9 was no longer available at the original SRC_URI.
At the new SRC_URI all versions of the wireshark releases are available.
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-10 20:05:56 -04:00
Clayton Casciato
40c9f33ad2
chrony: use inherit_defer for conditional inherit of useradd
...
[ Upstream commit 63df976d8e ]
conditional inherit is missed when PACKAGECONFIG privdrop is
activated after this inherit, eg in .bbappend.
Signed-off-by: Andreas Fenkart <afenkart@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-06-23 16:57:53 -04:00
Vijay Anusuri
491671faee
proftpd: Fix CVE-2024-57392
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-05-21 09:17:27 -04:00
Divya Chellam
1d4fbb2b77
openvpn: upgrade 2.6.12 -> 2.6.14
...
This includes CVE-fix for CVE-2025-2704
Changelog:
==========
https://github.com/OpenVPN/openvpn/releases
For full details, refer to:
https://github.com/OpenVPN/openvpn/compare/v2.6.12...v2.6.14
Signed-off-by: Divya Chellam <divya.chellam@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:50 -04:00
Yi Zhao
2ae4880410
mbedtls: 3.6.2 -> 3.6.3
...
ChangeLog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
Remove mbedtls-framework repository, as the framework is now added
as a flat directory rather than a submodule[1][2].
[1] https://github.com/Mbed-TLS/mbedtls/commit/b41194ce7f2fda63bf5959588631eba73c5c621e
[2] https://github.com/Mbed-TLS/mbedtls/commit/2c824b4fe5dab7e1526560be203bf705857e372a
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:47 -04:00
Yi Zhao
5675f4481b
mbedtls: upgrade 2.28.9 -> 2.28.10
...
ChangeLog
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Yogita Urade <yogita.urade@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-04-16 20:33:43 -04:00
Khem Raj
95d57ab55b
fwknop: Specify target locations of gpg and wget
...
This fixes emitting buildpaths into binary and also
fixes the issue where these tools won't exist on
the paths they were found on build machine
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Wang Mingyu
4b7999ed5d
fetchmail: disable rpath to fix buildpaths warning.
...
There was an error with the last modification to the buildpaths warning, which could cause segment error.
fix the following warning about buildpath:
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Wang Mingyu
c348e10438
fetchmail: Fix buildpaths warning.
...
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:24 -04:00
Khem Raj
a627269b8a
keepalived: Make build reproducible
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
alperak
0242b8f2bd
rdist: Fix contains reference to TMPDIR [buildpaths] warning
...
Pass OE cflags to makefile
WARNING: rdist-6.1.5-r0 do_package_qa: QA Issue: File /usr/bin/.debug/rdistd in package rdist-dbg contains reference to TMPDIR
File /usr/bin/.debug/rdist in package rdist-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: alperak <alperyasinak1@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
Khem Raj
829fa434c3
blueman: Fix buildpaths issue with cython generated code
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Cc: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:23 -04:00
Khem Raj
57b939762c
wolfssl: Add packageconfig for reproducible build
...
Make this option turned on by default
Fixes
WARNING: wolfssl-5.7.2-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.2.0 in package wolfssl contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Armin Kuster <akuster@mvista.com >
2025-04-16 20:30:02 -04:00
Vijay Anusuri
cd1aa14313
wireshark: upgrade 4.2.7 -> 4.2.9
...
Fixes CVE-2024-11595 CVE-2024-11596
Removed CVE-2024-9781.patch which is already fixed in 4.2.8 version
Release notes:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.9.html
Reference:
https://www.wireshark.org/security/wnpa-sec-2024-15.html
https://www.wireshark.org/security/wnpa-sec-2024-14.html
https://www.wireshark.org/security/wnpa-sec-2024-13.html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:29:23 -04:00
Sofiane HAMAM
3e3de7632e
wolfssl: Upgrade 5.7.0 -> 5.7.2
...
The upgrade includes many vulnerability fixes, new features and
enhancements, refer to:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable
Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:27:16 -04:00
Sofiane HAMAM
7bc1db1659
Wolfssl: add ptest
...
Add ptest for Wolfssl package.
Set IMAGE_ROOTFS_EXTRA_SPACE:virtclass-mcextend-wolfssl to 700M
enough to avoid a "No space left on device".
BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.qvuQ9h/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 7
END: /usr/lib/wolfssl/ptest
Signed-off-by: Sofiane HAMAM <sofiane.hamam@smile.fr >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-23 15:27:08 -04:00
Virendra Thakur
454cc11317
unbound: Fix CVE-2024-8508
...
Malicious upstreams responses with very large RRsets can cause Unbound
to spend a considerable time applying name compression to downstream
replies. This can lead to degraded performance and eventually denial of
service in well orchestrated attacks.
Reference: https://nvd.nist.gov/vuln/detail/cve-2024-8508
Signed-off-by: Virendra Thakur <virendrak@kpit.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-07 19:40:44 -05:00
Peter Kjellerstedt
dd3dca0d01
ebtables: Remove the dependency on bash
...
Rewrite ebtables-legacy-save to avoid using bashisms.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-03-03 08:03:37 -05:00
Yoann Congal
d7e5d4796c
mdio-tools: fix mdio-netlink kernel module reproducibility
...
mdio-netlink source makes reference to ${S}/.. which breaks
-fdebug-prefix-map and results in the full TMPDIR path being present in
the -dbg package and, also, changes a related CRC in the main package.
This changes ${S} to enclose the whole SRC_URI repo and adapts relative paths to
build (MODULES_MODULE_SYMVERS_LOCATION)
This makes mdio-netlink reproducible and fixes this warning:
WARNING: mdio-netlink-1.3.1-r0 do_package_qa: QA Issue: File /lib/modules/6.6.29-yocto-standard/updates/.debug/mdio-netlink.ko in package mdio-netlink-dbg contains reference to TMPDIR [buildpaths]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr >
Reviewed-by: Alexandre Truong <alexandre.truong@smile.fr >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d161de0b00 )
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-02-04 14:41:20 -08:00
Shubham Pushpkar
19bb449400
wireshark 4.2.7: Fix CVE-2024-9781
...
Upstream Repository: https://gitlab.com/wireshark/wireshark.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2024-9781
Type: Security Fix
CVE: CVE-2024-9781
Score: 7.8
Patch: https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-20 19:26:03 -05:00
Jiaying Song
a000fcb1b5
chrony: fix do_fetch error
...
Change the SRC_URI to the correct value due to the following error:
WARNING: chrony-4.5-r0.wr2401 do_fetch: Failed to fetch URL https://download.tuxfamily.org/chrony/chrony-4.5.tar.gz , attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-01-20 19:25:07 -05:00
Khem Raj
c04b722e9b
ndisc6: Fix reproducible build
...
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:14:43 -05:00
Khem Raj
6d4f8294b4
ndisc: Remove buildpaths from binaries
...
configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION
therefore edit the paths from this in generated config.h before it gets into
binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:14:39 -05:00
Wang Mingyu
3b0f220870
mosquitto: upgrade 2.0.19 -> 2.0.20
...
Changelog:
==========
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning "no subscribers".
Closes #3128.
- Open files with appropriate access on Windows.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Client library:
- Fix cmake build on OS X.
Build:
- Fix build on NetBSD
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com >
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:05:30 -05:00
Fabrice Aeschbacher
2d019956a6
mosquitto: upgrade 2.0.18 -> 2.0.19
...
- Solves CVE-2024-8376
- removed 1571.patch and 2894.patch, already applied in v2.0.19
https://github.com/eclipse/mosquitto/blob/v2.0.19/ChangeLog.txt
Signed-off-by: Fabrice Aeschbacher <fabrice.aeschbacher@siemens.com >
Reviewed-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Bruno VERNAY <bruno.vernay@se.com >
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 14:05:20 -05:00
Zhang Peng
df0a87ca52
frr: fix CVE-2024-31949
...
CVE-2024-31949:
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR
capability as a dynamic capability because malformed data results in a pointer not advancing.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31949 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:40 -05:00
Zhang Peng
2d7769f90b
frr: fix CVE-2024-31948
...
CVE-2024-31948:
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute
in a BGP UPDATE packet can cause the bgpd daemon to crash.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31948 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138 ]
[https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:37 -05:00
Zhang Peng
483946a97b
frr: fix CVE-2024-31951
...
CVE-2024-31951:
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a
buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during
an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31951 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/5557a289acdaeec8cc63ffc97b5c2abf6dee7b3a ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:33 -05:00
Zhang Peng
327470f000
frr: fix CVE-2024-31950
...
CVE-2024-31950:
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in
ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs
(their size is not validated).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-31950 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/f69d1313b19047d3d83fc2b36a518355b861dfc4 ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:29 -05:00
Zhang Peng
9c352814e4
frr: fix CVE-2024-34088
...
CVE-2024-34088:
In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c
in the OSPF daemon to return a NULL pointer. In cases where calling functions do not
handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-34088 ]
Upstream patches:
[https://github.com/FRRouting/frr/commit/8c177d69e32b91b45bda5fc5da6511fa03dc11ca ]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-12-15 13:57:26 -05:00
Yi Zhao
b8d1a14f7f
freeradius: upgrade 3.2.3 -> 3.2.5
...
ChangeLog:
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5
Security fixes:
CVE-2024-3596:
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a
local attacker who can modify any valid Response (Access-Accept,
Access-Reject, or Access-Challenge) to any other response using a
chosen-prefix collision attack against MD5 Response Authenticator
signature.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.freeradius.org/security/
https://www.blastradius.fail/
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
(master rev: 28d82d17c8 )
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-11-24 17:38:31 -05:00
Haixiao Yan
3d234d9a12
openvpn: upgrade 2.6.10 -> 2.6.12
...
ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst
Security fixes:
CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
(SeImpersonatePrivilege) could open the pipe a second time,
tricking openvpn GUI into providing user credentials (tokens),
getting full access to the account openvpn-gui.exe runs as.
CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn log,
or cause high CPU load.
CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the
session" even when the server has been told to disconnect this client.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
[Drop CVE-2024-28882 patch not yet in stable]
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-11-24 17:37:58 -05:00
Haixiao Yan
6c870913b8
openvpn: fix CVE-2024-28882
...
CVE-2024-28882: OpenVPN in a server role accepts multiple exit
notifications from authenticated clients which will extend the
validity of a closing session
References:
https://community.openvpn.net/openvpn/wiki/CVE-2024-28882
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-11-09 14:51:28 -05:00
Peter Marko
98e1f972bd
squid: conditionally set status of CVE-2024-45802
...
According to [1] the ESI feature implementation in squid is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
We should not break features in LTS branch and cannot fix this problem.
So ignore this CVE based on set PACKAGECONFIG which should remove it
from reports for most users. Those who need ESI need to assess the risk
themselves.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158
Signed-off-by: Peter Marko <peter.marko@siemens.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-11-09 14:44:28 -05:00
Jiaying Song
ea99328a06
tcpreplay: fix CVE-2023-43279
...
Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay
4.4.4 allows attackers to crash the application via crafted tcprewrite
command.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43279
Upstream patches:
https://github.com/appneta/tcpreplay/pull/860/commits/963842ceca79e97ac3242448a0de94fb901d3560
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2024-11-09 14:41:32 -05:00