And the rest of the CVEs:

On 21 Jan 2024, at 11:18, Steve Sakoman via lists.yoctoproject.org <steve=sakoman....@lists.yoctoproject.org> wrote:
> CVE-2023-25584 (CVSS3: 7.1 HIGH):
> binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *

Part of 2.40, CPE fix sent to NIST.

> CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
> CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
> CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
> CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *

Four memory usage bugs in awk, all unfixed upstream currently.

> CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *

Fixed upstream in https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a, needs a backport.

> CVE-2023-51384 (CVSS3: 5.5 MEDIUM): openssh
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 *
> CVE-2023-51385 (CVSS3: 6.5 MEDIUM): openssh
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 *

These are part of openssh 9.6, which Tim sent a patch for already.

> CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *

This is a RowHammer attack against OpenSSH, but https://bugzilla.mindrot.org/show_bug.cgi?id=3656 discusses it further and it’s incredibly difficult to exploit in the real world with an unmodified openssh.

Ross
View/Reply Online (#194187): https://lists.openembedded.org/g/openembedded-core/message/194187