mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 03:24:08 +00:00
Code Issues Projects Releases Wiki Activity
24,458 Commits 63 Branches 0 Tags
3f9340a9241d497753b330d90d6a3d8332c1ba7f
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Stefan Ghinea 3f9340a924 mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393 
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
An adversary with access to precise enough information about memory
accesses (typically, an untrusted operating system attacking a secure
enclave) can recover an RSA private key after observing the victim
performing a single private-key operation, if the window size
(MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
There is a potential heap-based buffer overflow and heap-based buffer
over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393

Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2ab113e8be)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-03-21 14:37:51 -04:00
contrib
pw-am.sh: update to new patcwork system
2022-02-28 08:39:26 -08:00
meta-filesystems
aufs-util: Fix build with large file support enabled systems
2022-12-20 10:34:28 -05:00
meta-gnome
gnome-text-editor: Add missing libpcre build time depenedency
2022-11-25 10:48:25 -05:00
meta-initramfs
meta-openemnedded: Add myself as langdale maintainer
2022-10-22 15:59:34 -07:00
meta-multimedia
mpd: Upgrade to 0.23.12 release
2023-03-04 07:24:09 -05:00
meta-networking
mbedtls: upgrade to 2.28.2 to fix CVE-2022-46392, CVE-2022-46393
2023-03-21 14:37:51 -04:00
meta-oe
nodejs: Upgrade 16.19.0 -> 16.19.1
2023-03-12 11:51:57 -04:00
meta-perl
meta-openemnedded: Add myself as langdale maintainer
2022-10-22 15:59:34 -07:00
meta-python
python3-pillow: add tk to RDEPENDS ptest pkg only if x11 in DISTRO_FEATURES
2023-02-22 16:11:27 -05:00
meta-webserver
apache2: upgrade 2.4.55 -> 2.4.56
2023-03-16 08:04:05 -04:00
meta-xfce
xfce4-verve-plugin: fix do_configure faiure about missing libpcre
2022-11-25 10:48:09 -05:00
.gitignore
.gitignore: add *.pyc and *.pyo
2019-06-15 16:45:33 -07:00
COPYING.MIT
add README and license for this layer
2011-02-13 16:47:32 +01:00
README
meta-openemnedded: Add myself as langdale maintainer
2022-10-22 15:59:34 -07:00

README 

Collection of layers for the OE-core universe

Main layer maintainer: Armin Kuster <akuster808@gmail.com>

This repository is a collection of layers to suppliment OE-Core
with additional packages, Each layer have designated maintainer
Please see the respective READMEs in the layer subdirectories
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 115 MiB
Languages
BitBake 84.3%
Shell 6.4%
C 3.1%
Roff 2.3%
NASL 2%
Other 1.8%