Thanks for confirming.
Regards,
Soumya
From: Vijay Anusuri
Sent: Tuesday, May 28, 2024 2:54 PM
To: Sambu, Soumya
Cc: Marko, Peter ;
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone][PATCH 1/1] util-linux: Fix CVE-2024-28085
CAUTION:
From: Soumya Sambu
Addresses the security issues - CVE-2024-32002, CVE-2024-32004,
CVE-2024-32020, CVE-2024-32021 and CVE-2024-32465
Changelog:
==
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.1.txt
Signed-off-by: Soumya Sambu
---
From: Soumya Sambu
CVE-2023-50230:
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code
Execution Vulnerability. This vulnerability allows network-adjacent
attackers to execute arbitrary code on affected installations of BlueZ.
User interaction is required to exploit this
From: Soumya Sambu
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in
tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Signed-off-by: Soumya Sambu
---
.../ncurses/files/CVE-2023-45918.patch| 180 ++
From: Soumya Sambu
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in
tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
Signed-off-by: Soumya Sambu
---
.../ncurses/files/CVE-2023-45918.patch| 180 ++
Hi Peter,
Thank you for providing the details.
Based on the information regarding the vulnerability report and the commit
history provided, it appears that our code is indeed vulnerable as the commit
introducing the vulnerability still exists in our codebase.
Our util-linux version in the
From: Soumya Sambu
wall in util-linux through 2.40, often installed with setgid
tty permissions, allows escape sequences to be sent to other
users' terminals through argv. (Specifically, escape sequences
received from stdin are blocked, but escape sequences received
from argv are not blocked.)
From: Soumya Sambu
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of
header data by sending an excessive number of CONTINUATION frames.
Maintaining HPACK state requires parsing and processing all HEADERS
and CONTINUATION frames on a connection. When a request's headers
exceed
From: Soumya Sambu
nghttp2 is an implementation of the Hypertext Transfer Protocol
version 2 in C. The nghttp2 library prior to version 1.61.0 keeps
reading the unbounded number of HTTP/2 CONTINUATION frames even
after a stream is reset to keep HPACK context in sync. This
causes excessive CPU
From: Soumya Sambu
Signed-off-by: Soumya Sambu
---
meta/recipes-core/ovmf/ovmf_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb
b/meta/recipes-core/ovmf/ovmf_git.bb
index 3dc031d3b6..9463ec148b 100644
---
From: Soumya Sambu
Upgrade to latest 1.22.x release [1]:
$git log --oneline go1.22.0..go1.22.1
db6097f8cb (tag: go1.22.1, origin/release-branch.go1.22)
[release-branch.go1.22] go1.22.1
041a47712e [release-branch.go1.22] net/textproto, mime/multipart: avoid
unbounded read in MIME header
From: Soumya Sambu
Changelog:
==
42.0.4 - 2024-02-20
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming for
reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
From: Soumya Sambu
Includes security fixes for - CVE-2023-4408, CVE-2023-5517,
CVE-2023-5679, CVE-2023-50868 and CVE-2023-50387
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.24/CHANGES
Signed-off-by: Soumya Sambu
---
.../bind/{bind_9.18.19.bb => bind_9.18.24.bb}
From: Soumya Sambu
Changelog:
=
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL
From: Soumya Sambu
This includes fix for CVE-2023-7207.
Drop all submitted patches.
Apply a patch from git to fix the build with clang.
[ YOCTO #11674 ]
$git log --oneline release_2_13..v2.14
4a41909 (HEAD, tag: v2.14) Version 2.14
6f9e5d3 Update NEWS
807b3ea Use GNU ls algorithm for
From: Soumya Sambu
Serial tty is hung after reset command -
$echo "test " >> /dev/ttyS0
test
$stty -a < /dev/ttyS0
speed 115200 baud; rows 34; columns 153; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = ; eol2 =
; swtch = ;
start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
From: Soumya Sambu
A malicious HTTP sender can use chunk extensions to cause a receiver
reading from a request or response body to read many more bytes from
the network than are in the body. A malicious HTTP client can further
exploit this to cause a server to automatically read a large amount
From: Soumya Sambu
This includes security fix for CVE-2023-47038
Changes:
https://metacpan.org/release/PEVANS/perl-5.34.3/changes
Signed-off-by: Soumya Sambu
---
.../0001-Makefile-check-the-file-if-patched-or-not.patch | 4 ++--
.../perl-cross/{perlcross_1.3.7.bb => perlcross_1.5.2.bb}
, can you rebase (and check if this is
still needed)?
On 08/12/2023 10:42:15+, Soumya via lists.openembedded.org wrote:
> From: Soumya Sambu
>
> These CVEs affect path handling on Windows.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-45283
> https://nvd.nis
From: Soumya Sambu
These CVEs affect path handling on Windows.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45283
https://nvd.nist.gov/vuln/detail/CVE-2023-45284
Signed-off-by: Soumya Sambu
---
meta/recipes-devtools/go/go-1.20.10.inc | 3 +++
1 file changed, 3 insertions(+)
diff
From: Soumya Sambu
These CVEs affect path handling on Windows.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45283
https://nvd.nist.gov/vuln/detail/CVE-2023-45284
https://security-tracker.debian.org/tracker/CVE-2023-45283
https://security-tracker.debian.org/tracker/CVE-2023-45284
From: Soumya Sambu
License-update: file removed upstream
Drop patch as issue fixed upstream.
Changelog:
===
1.9.15p2
* Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
GitHub issue #326.
1.9.15p1
* Fixed
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.
Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.
CVE: CVE-2023-4863
References:
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.
Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.
CVE: CVE-2023-4863
References:
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.
Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.
CVE: CVE-2023-4863
References:
Sure Martin.
Regards,
Soumya
From: Martin Jansa
Sent: Thursday, November 2, 2023 12:35 PM
To: Sambu, Soumya
Cc: st...@sakoman.com ;
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone 3/3] libwebp: Fix CVE-2023-4863
CAUTION: This email
Hi Martin, Steve,
Debian has mentioned
https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
as followup commit for CVE-2023-4863 [Reference:
https://security-tracker.debian.org/tracker/CVE-2023-4863].
This commit was suggested in Bugzilla
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page.
CVE: CVE-2023-4863
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-v2-1-1-libwebp-Fix-CVE-2023-4863.patch
FAIL: test CVE presence in commit message: A CVE tag should be
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-v2-1-1-libwebp-Fix-CVE-2023-4863.patch
FAIL: test CVE presence in commit message: A CVE tag should be
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Tue, 2023-10-31 at 04:37 +, Soumya via lists.openembedded.org
wrote:
> From: Soumya Sambu
>
> Heap buffer overflo
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-1-1-libwebp-Fix-CVE-2023-4863.patch
FAIL: test CVE presence in commit message: A CVE tag should be
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
From: Soumya Sambu
A flaw was found in the QEMU virtual crypto device while handling
data encryption/decryption requests in virtio_crypto_handle_sym_req.
There is no check for the value of `src_len` and `dst_len` in
virtio_crypto_sym_op_helper, potentially leading to a heap buffer
overflow when
From: Soumya Sambu
Addresses CVE-2023-4813, CVE-2023-4806, CVE-2023-5156. Added these to
CVE_CHECK_IGNORE
to avoid in cve-check reports since the recipe version did not change.
These are the complete list of changes this brings
* 73d4ce728a Document CVE-2023-4806 and CVE-2023-5156 in NEWS
*
-Original Message-
From: openembedded-core@lists.openembedded.org
On Behalf Of Soumya via
lists.openembedded.org
Sent
From: Soumya Sambu
Addresses CVE-2023-4813, CVE-2023-4806
These are the complete list of changes this brings
* 73d4ce728a Document CVE-2023-4806 and CVE-2023-5156 in NEWS
* 17092c0311 Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806
[BZ #30843]*
* 762a747fae io: Fix record
From: Soumya Sambu
shadow-utils: possible password leak during passwd(1) change
Signed-off-by: Soumya Sambu
---
.../shadow/files/CVE-2023-4641-0001.patch | 36 +
.../shadow/files/CVE-2023-4641-0002.patch | 147 ++
meta/recipes-extended/shadow/shadow.inc |
From: Soumya Sambu
The html/template package does not apply the proper rules for handling
occurrences of " contexts. This may cause the template parser to improperly
consider script contexts to be terminated early, causing actions to be
improperly escaped. This could be leveraged to perform an
From: Soumya Sambu
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via
the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability
allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML
file.
References:
From: Soumya Sambu
Backport patch to fix CVE-2023-29491.
Signed-off-by: Soumya Sambu
---
.../ncurses/files/CVE-2023-29491.patch| 464 ++
.../ncurses/ncurses_6.3+20220423.bb | 1 +
2 files changed, 465 insertions(+)
create mode 100644
From: Soumya Sambu
Extremely large RSA keys in certificate chains can cause a
client/server to expend significant CPU time verifying
signatures. With fix, the size of RSA keys transmitted
during handshakes is restricted to <= 8192 bits. Based on
a survey of publicly trusted RSA keys, there are
From: Soumya Sambu
fuzz_variant_binary_byteswap: Heap-buffer-overflow in
g_variant_serialised_get_child
fuzz_variant_text: Timeout in fuzz_variant_text
Signed-off-by: Soumya Sambu
---
.../glib-2.0/glib-2.0/CVE-2023-32636.patch| 50 ++
.../glib-2.0/glib-2.0/CVE-2023-32643.patch|
From: Soumya Sambu
GVariant offset table entry size is not checked in is_normal()
g_variant_byteswap() can take a long time with some non-normal inputs
Signed-off-by: Soumya Sambu
---
.../glib-2.0/glib-2.0/CVE-2023-29499.patch| 291 ++
From: Soumya Sambu
GVariant deserialisation does not match spec for non-normal data
Signed-off-by: Soumya Sambu
---
.../glib-2.0/CVE-2023-32665-0001.patch| 104 +
.../glib-2.0/CVE-2023-32665-0002.patch| 211 +
.../glib-2.0/CVE-2023-32665-0003.patch| 418
asked you what charset to use,
so the patch doesn't apply. Can you resend?
On 14/07/2023 03:25:10+, Soumya via lists.openembedded.org wrote:
> HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
> standalone on CPAN, has an insecure default TLS configuration where
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and
available standalone on CPAN, has an insecure default TLS
configuration where users must opt in to verify certificates.
References:
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31484.patch | 29 +++
meta/recipes-devtools/perl/perl_5.36.1.bb | 1 +
2 files changed, 30 insertions(+)
create mode
-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH] perl: fix CVE-2023-31484
On Mon, 2023-06-05 at 17:46 +,
On Mon, 2023-06-05 at 17:46 +, Soumya via lists.openembedded.org
wrote:
> CPAN.pm before 2.35 does not verify TLS certificates w
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31484.patch | 29 +++
meta/recipes-devtools/perl/perl_5.34.1.bb | 1 +
2 files changed, 30 insertions(+)
create mode
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31484.patch | 29 +++
meta/recipes-devtools/perl/perl_5.34.1.bb | 1 +
2 files changed, 30 insertions(+)
create mode
HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on
CPAN,
has an insecure default TLS configuration where users must opt in to verify
certificates.
Signed-off-by: Soumya
---
.../perl/files/CVE-2023-31486.patch | 89 +++
59 matches