Hi Armin, Master is not patched, CVE fix is patched in tcpreplay master and 4.4.4 version which is yet to release.
Regards, Archana ________________________________ From: akuster808 <akuster...@gmail.com> Sent: Tuesday, June 6, 2023 5:45 PM To: Polampalli, Archana <archana.polampa...@windriver.com>; openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> Cc: G Pillai, Hari <hari.gpil...@windriver.com> Subject: Re: [oe][meta-networking][kirkstone][PATCH 1/1] tcpreplay: fix CVE-2023-27783 CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On 6/5/23 4:54 AM, Polampalli, Archana via lists.openembedded.org wrote: > An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to > cause a denial > of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Thanks for the fix. Master will need these fixes. If master is patched, then we can update tcpreplay to 4.4.3 all the way to kirkstone since this is a bug fix only update and then all the versions will be the same. - Armin > > Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> > --- > .../tcpreplay/tcpreplay/CVE-2023-27783.patch | 29 +++++++++++++++++++ > .../tcpreplay/tcpreplay_4.4.2.bb | 4 ++- > 2 files changed, 32 insertions(+), 1 deletion(-) > create mode 100644 > meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > > diff --git > a/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > new file mode 100644 > index 000000000..59adff615 > --- /dev/null > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2023-27783.patch > @@ -0,0 +1,29 @@ > +From e831aad6d48874abab6efa37d4460da2be3ac765 Mon Sep 17 00:00:00 2001 > +From: Marsman1996 <lqliuyu...@outlook.com> > +Date: Wed Mar 1 14:48:48 2023 +0800 > +Subject: [PATCH] dlt_jnpr_ether_cleanup: check subctx before cleanup > + > +CVE: CVE-2023-27783 > +Upstream-Status: Backport > [https://github.com/appneta/tcpreplay/commit/7aca59e4fc96fc1d0e43a3d64b2f9fc9a46b6ca8] > + > +Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com> > +--- > + src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > +index e282ef4..98b67e9 100644 > +--- a/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > ++++ b/src/tcpedit/plugins/dlt_jnpr_ether/jnpr_ether.c > +@@ -168,7 +168,8 @@ dlt_jnpr_ether_cleanup(tcpeditdlt_t *ctx) > + jnpr_ether_config_t *config; > + > + config = (jnpr_ether_config_t *)ctx->encoder->config; > +- tcpedit_dlt_cleanup(config->subctx); > ++ if (config->subctx != NULL) > ++ tcpedit_dlt_cleanup(config->subctx); > + safe_free(plugin->config); > + plugin->config = NULL; > + plugin->config_size = 0; > +-- > +2.40.0 > diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > index 165a0e735..ccff19f16 100644 > --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb > @@ -7,7 +7,9 @@ SECTION = "net" > LICENSE = "GPL-3.0-only" > LIC_FILES_CHKSUM = > "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" > > -SRC_URI = > "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz"; > +SRC_URI = > "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz > \ > + file://CVE-2023-27783.patch \ > + " > > SRC_URI[sha256sum] = > "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103204): https://lists.openembedded.org/g/openembedded-devel/message/103204 Mute This Topic: https://lists.openembedded.org/mt/99336397/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
