Commit message | Author | Age | Files | Lines
* bind: CVE-2016-1285 CVE-2016-1286 [daisy-enea] | Sona Sarmadi | 2016-04-08 | 5 | -0/+572
  CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
  CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure

  [YOCTO #9400]

  External References:
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286

  References to the Upstream commits and Security Advisories:
  CVE-2016-1285: https://kb.isc.org/article/AA-01352
  https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;h=31e4657cf246e41d4c5c890315cb6cf89a0db25a
  CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
  https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7
  CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
  https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;h=ce3cd91caee698cb144e1350c6c78292c6be6339

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8461 | Sona Sarmadi | 2016-04-08 | 2 | -1/+47
  Fixes a race condition when handling socket errors that can lead to an
  assertion failure in resolver.c

  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461

  Patch is backported from:
  http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/?id=12cdd6d2b3a6d351ea09799be38e6ddd4c041c17

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8704 | Sona Sarmadi | 2016-04-08 | 2 | -0/+49
  A buffer size check used to guard against overflow could cause named to
  exit with an INSIST failure in apl_42.c.

  References:
  https://kb.isc.org/article/AA-01335
  https://kb.isc.org/article/AA-00913
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-8000 | Sona Sarmadi | 2016-04-08 | 2 | -0/+195
  Fixes a denial of service in BIND.

  An error in the parsing of incoming responses allows some records with an
  incorrect class to be accepted by BIND instead of being rejected as
  malformed. This can trigger a REQUIRE assertion failure when those records
  are subsequently cached.

  References:
  http://www.openwall.com/lists/oss-security/2015/12/15/14
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
  https://bugzilla.redhat.com/attachment.cgi?id=1105581

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Huimin She <huimin.she@enea.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722 | Sona Sarmadi | 2016-04-08 | 4 | -0/+589
  CVE-2015-1349:
  https://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html
  CVE-2015-4620
  https://kb.isc.org/article/AA-01267/0/CVE-2015-4620%3A-Specially-Constructed-Zone-Data-Can-Cause-a-Resolver-to-Crash-when-Validating.html
  CVE-2015-5722
  https://kb.isc.org/article/AA-01287/0/CVE-2015-5722%3A-Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html

  (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)

  Reference:
  https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* SSL/TLS: CVE-2016-0800 | Sona Sarmadi | 2016-03-07 | 2 | -0/+112
  Cross-protocol attack on TLS using SSLv2 (DROWN)

  Mitigation for CVE-2016-0800

  References:
  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0800
  https://git.openssl.org/?p=openssl.git;a=patch;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* eglibc: CVE-2015-7547 | Sona Sarmadi | 2016-03-01 | 2 | -0/+598
  Fixes getaddrinfo stack-based buffer overflow

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  https://sourceware.org/bugzilla/show_bug.cgi?id=18665
  https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
  https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* patch: fix CVE-2015-1196 | Robert Yang | 2015-09-09 | 2 | -0/+201
  A directory traversal flaw was reported in patch:

  References:
  http://www.openwall.com/lists/oss-security/2015/01/18/6
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
  https://bugzilla.redhat.com/show_bug.cgi?id=1182154

  [YOCTO #7182]

  (From OE-Core rev: 4c389880dc9c6221344f7aed221fe8356e8c2056)
  (From OE-Core rev: e2032c5788f7a77aa0e4e8545b550551c23a25fb)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* gnutls: CVE-2015-0282 | Sona Sarmadi | 2015-09-09 | 2 | -0/+488
  Fixes RSA PKCS#1 signature verification forgery

  References
  http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282
  https://www.debian.org/security/2015/dsa-3191

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* cpio: fix CVE-2015-1197 | Sona Sarmadi | 2015-08-12 | 2 | -0/+155
  Fixes directory traversal vulnerability via symlinks

  Initial report:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669
  Upstream report:
  https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html
  Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* cpio: Fix memory overrun on reading improperly created link records | Sona Sarmadi | 2015-08-12 | 2 | -0/+221
  Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>

  http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d

  * src/copyin.c (get_link_name): New function.
  (list_file, copyin_link): use get_link_name
  * tests/symlink-bad-length.at: New file.
  * tests/symlink-long.at: New file.
  * tests/Makefile.am: Add new files.
  * tests/testsuite.at: Likewise.

  See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html

  Upstream-Status: Backport

  Signed-off-by: Sergey Poznyakoff <gray@gnu.org.ua>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind9.9.5: CVE-2015-5477 | Sona Sarmadi | 2015-08-04 | 2 | -0/+46
  Fixes a flaw in the way BIND handled requests for TKEY DNS resource records.

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
  https://kb.isc.org/article/AA-01272

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* qemu: remove patch already applied | Tudor Florea | 2015-07-21 | 2 | -48/+2
  This fixes a build issue for the qemu package

  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* openssl: upgrade to 1.0.1p | Tudor Florea | 2015-07-10 | 2 | -38/+2
  This upgrade fixes CVE-2015-1793

  Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.

  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* python: Backport CVE-2013-1752 fix from upstream | Tudor Florea | 2015-07-07 | 5 | -0/+385
  This backported patch fixes CVE-2013-1752 for ftplib, imaplib, nntplib and
  poplib

  References:
  http://bugs.python.org/issue16038
  http://bugs.python.org/issue16039
  http://bugs.python.org/issue16040
  http://bugs.python.org/issue16041
  https://access.redhat.com/security/cve/CVE-2013-1752

  The ftplib, imaplib, nntplib and poplib modules don't limit the amount of
  read data in their calls to readline(). The modules should be modified to
  use limited readline() with _MAXLINE.

  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* python: Backport CVE-2013-1752 fix from upstream | Tudor Florea | 2015-07-07 | 2 | -0/+46
  This backported patch fixes CVE-2013-1752 for httplib

  References:
  http://bugs.python.org/issue16037
  https://access.redhat.com/security/cve/CVE-2013-1752

  The httplib module / package can read arbitrary amounts of data from its
  socket when it's parsing the HTTP header. This may lead to issues when a
  user connects to a broken HTTP server or something that isn't HTTP at all.

  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* binutils: Fix building nativesdk binutils with gcc 4.9 | Tudor Florea | 2015-07-07 | 3 | -0/+221
  Patches explain the issue in detail but this is exposed with gcc 4.9 in
  binutils 2.24

  This is from upstream daisy [474ea6b826b53cb1e4e01a262683091f6c9d9309 ]

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* openssl: Upgrade to 1.0.1o to address some CVEs | Tudor Florea | 2015-07-07 | 2 | -10/+9
  Upgrade from 1.0.1m to 1.0.1n addresses following vulnerabilities:
  CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
  CVE-2015-1788, Malformed ECParameters causes infinite loop
  CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
  CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
  CVE-2015-1791, Race condition handling NewSessionTicket
  CVE-2015-1792, CMS verify infinite loop with unknown hash function

  Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:
  Fix HMAC ABI incompatibility. The previous version introduced an ABI
  incompatibility in the handling of HMAC. The previous ABI has now been
  restored.

  References:
  http://openssl.org/news/secadv_20150611.txt
  https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* qemu: CVE-2014-7840 | Tudor Florea | 2015-07-07 | 2 | -1/+59
  Fixes insufficient parameter validation during ram load

  Reference
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* qemu: fixed multiple CVEs | Tudor Florea | 2015-07-07 | 5 | -1/+237
  CVE-2015-3456, fdc: out-of-bounds fifo buffer memory access
  CVE-2014-5263, missing field list terminator in vmstate_xhci_event
  CVE-2014-3689, vmware_vga: insufficient parameter validation in rectangle functions
  CVE-2014-7815, vnc: insufficient bits_per_pixel from the client sanitization

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5263
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3689
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: CVE-2014-8150 | Tudor Florea | 2015-07-07 | 2 | -0/+37
  CVE-2014-8150, URL request injection:
  When libcurl sends a request to a server via a HTTP proxy, it copies the
  entire URL into the request and sends it off.

  Reference
  http://curl.haxx.se/docs/adv_20150108B.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: CVE-2014-3707 | Tudor Florea | 2015-07-07 | 2 | -0/+403
  CVE-2014-3707, libcurl duphandle read out of bounds

  libcurl's function curl_easy_duphandle() has a bug that can lead to libcurl
  eventually sending off sensitive data that was not intended for sending.

  Reference
  http://curl.haxx.se/docs/adv_20141105.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: Security Advisory - curl - CVE-2014-3620 | Tudor Florea | 2015-07-07 | 2 | -0/+70
  libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
  making them apply broader than cookies are allowed. This can allow
  arbitrary sites to set cookies that then would get sent to a different and
  unrelated site or domain.

  (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
  (From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b)

  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* curl: Security Advisory - curl - CVE-2014-3613 | Tudor Florea | 2015-07-07 | 2 | -0/+270
  By not detecting and rejecting domain names for partial literal IP
  addresses properly when parsing received HTTP cookies, libcurl can be
  fooled to both sending cookies to wrong sites and into allowing arbitrary
  sites to set cookies for others.

  (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
  (From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58)

  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* qemu-slirp: CVE-2014-3640 | Sona Sarmadi | 2015-07-06 | 2 | -1/+47
  Fixes a NULL pointer deref in sosendto()

  References
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* python: CVE-2014-7185 | Sona Sarmadi | 2015-07-06 | 2 | -0/+76
  Fixes buffer() integer overflow leading to out of bounds read

  This bug is only an issue if offset and size arguments are untrusted.
  The buffer() was removed from Python 3 and hence Python 3 was not affected
  by this issue.

  Reference
  http://openwall.com/lists/oss-security/2014/09/25/47

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* gnutls: patch for CVE-2014-3466 backported | Valentin Popa | 2015-07-06 | 2 | -0/+31
  Backported patch for CVE-2014-3466. This patch is for daisy.

  (From OE-Core rev: ca2773b19db4881abe5244c373d94ff05cd2684f)

  Signed-off-by: Valentin Popa <valentin.popa@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* qemu: upgrade to 1.7.2 | Sona Sarmadi | 2015-07-06 | 1 | -2/+2
  The upgrade addresses following CVEs:
  CVE-2014-0222
  CVE-2014-0223
  CVE-2014-0142
  CVE-2014-0143
  CVE-2014-0144
  CVE-2014-0145
  CVE-2014-0146
  CVE-2014-0147

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: Upgrade to 1.0.1m | Brendan Le Foll | 2015-07-06 | 7 | -157/+121
  Security update, some patches modified to apply correctly mostly due to
  upstream changing indentation/styling

  * configure-targets.patch updated
  * fix-cipher-des-ede3-cfb1.patch updated
  * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
  * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as
    no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream

  (From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d)

  Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: Upgrade to 1.0.1j | Sona Sarmadi | 2015-07-06 | 3 | -23/+35
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* e2fsprogs: CVE-2015-0247 | Sona Sarmadi | 2015-07-06 | 2 | -0/+59
  Fixes input sanitization errors.

  References
  http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
  http://www.ocert.org/advisories/ocert-2015-002.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: multiple CVEs fixes | Sona Sarmadi | 2015-07-06 | 9 | -0/+3817
  This patch addresses following CVEs:
  CVE-2014-3569
  CVE-2015-0204
  CVE-2015-0205
  CVE-2014-8275
  CVE-2014-3571
  CVE-2014-3570

  Additional two patches (0004 & 0005) which were needed for CVE-2014-8275
  have been backported from 1.0.1 stable (OpenSSL_1_0_1-stable) branch.

  Reference
  https://www.openssl.org/news/secadv_20150108.txt

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* python: Disables SSLv3 | Sona Sarmadi | 2015-07-06 | 2 | -0/+38
  This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566

  Building python without SSLv3 support when openssl is built without any
  support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in the openssl
  recipes).

  Backport from:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
  [python2.7-nossl3.patch] only Modules/_ssl.c is backported.

  References:
  https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
  https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
  http://bugs.python.org/issue22638
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* python: CVE-2014-4616 | Sona Sarmadi | 2015-07-06 | 2 | -0/+28
  Fix for _json module arbitrary process memory read vulnerability

  http://bugs.python.org/issue21529

  Python 2 and 3 are susceptible to arbitrary process memory reading by a
  user or adversary due to a bug in the _json module caused by insufficient
  bounds checking.

  The sole prerequisites of this attack are that the attacker is able to
  control or influence the two parameters of the default scanstring function:
  the string to be decoded and the index.

  The bug is caused by allowing the user to supply a negative index value.
  The index value is then used directly as an index to an array in the C
  code; internally the address of the array and its index are added to each
  other in order to yield the address of the value that is desired. However,
  by supplying a negative index value and adding this to the address of the
  array, the processor's register value wraps around and the calculated value
  will point to a position in memory which isn't within the bounds of the
  supplied string, causing the function to access other parts of the process
  memory.

  Signed-off-by: Benjamin Peterson <benjamin@python.org>

  Applied to python-native recipe in order to fix the above mentioned
  vulnerability.

  Upstream-Status: Backport

  Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* elfutils: CVE-2014-9447 | Sona Sarmadi | 2015-07-06 | 2 | -0/+51
  directory traversal in read_long_names()

  Reference
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447

  Upstream commit with the analysis:
  https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* elfutils: CVE-2014-9447 | Sona Sarmadi | 2015-07-06 | 2 | -1/+53
  directory traversal in read_long_names()

  Reference
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447

  Upstream commit with the analysis:
  https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* coreutils: parse-datetime: CVE-2014-9471 | Sona Sarmadi | 2015-07-06 | 2 | -0/+41
  Memory corruption flaw in parse_datetime()

  Reference
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* libpng16: CVE-2015-0973 | Sona Sarmadi | 2015-07-06 | 2 | -0/+48
  Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow
  vulnerability in the png_combine_row() function of the libpng library,
  when very large interlaced images were used.

  Upstream patch:
  http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/

  External Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
  http://seclists.org/oss-sec/2014/q4/1133

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-9402 denial of service in getnetbyname | Sona Sarmadi | 2015-07-06 | 2 | -0/+29
  getnetbyname function in eglibc 2.21 and earlier will enter an infinite
  loop if the DNS backend is activated in the system Name Service Switch
  configuration, and the DNS resolver receives a positive answer while
  processing the networkname.

  Reference
  https://sourceware.org/bugzilla/show_bug.cgi?id=17630

  Changes in the NEWS and ChangeLog files from the original upstream commit
  have been ignored

  Upstream commit that fixes this issue:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2012-3406 Stack overflow in vfprintf | Sona Sarmadi | 2015-07-06 | 2 | -0/+274
  printf() unbound alloca() usage in case of positional parameters + many
  format specs

  Changes in the NEWS and ChangeLog files from the original upstream commit
  have been ignored

  References
  http://www.openwall.com/lists/oss-security/2012/07/11/5
  https://sourceware.org/bugzilla/show_bug.cgi?id=16617

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-7817 wordexp fails to honour WRDE_NOCMD | Sona Sarmadi | 2015-07-06 | 2 | -0/+165
  Command execution in wordexp() with WRDE_NOCMD specified

  Changes in the NEWS and ChangeLog files from the original upstream commit
  have been ignored

  Reference
  https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-5119 fix | Armin Kuster | 2015-07-06 | 2 | -0/+241
  __gconv_translit_find: Disable function [BZ #17187]

  This functionality has never worked correctly, and the implementation
  contained a security vulnerability (CVE-2014-5119).

  (From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a)

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* Qemu: CVE-2014-2894 | Sona Sarmadi | 2015-07-06 | 2 | -1/+48
  Fixes an out of bounds memory access flaw in Qemu's IDE device model

  Reference
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* binutils: several security fixes | Sona Sarmadi | 2015-07-06 | 9 | -0/+1148
  CVE-2014-8484
  CVE-2014-8485
  CVE-2014-8501
  CVE-2014-8502
  CVE-2014-8503
  CVE-2014-8504
  CVE-2014-8737

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: fix for CVE-2014-8500 | Sona Sarmadi | 2015-07-06 | 2 | -0/+991
  A denial of service flaw was found in the way BIND followed DNS
  delegations. A remote attacker could use a specially crafted zone
  containing a large number of referrals which, when looked up and processed,
  would cause named to use excessive amounts of memory or crash.

  External References:
  ===================
  https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\
  Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* Fix CVE-2014-3568 | Catalin Popeanga | 2015-07-06 | 2 | -0/+99
  Fix no-ssl3 configuration option

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3567 | Catalin Popeanga | 2015-07-06 | 2 | -0/+32
  Fix for session tickets memory leak.

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3513 | Catalin Popeanga | 2015-07-06 | 2 | -0/+211
  Fix for SRTP Memory Leak

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix-CVE-2014-3566 | Catalin Popeanga | 2015-07-06 | 2 | -0/+500
  OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE-2014-3566)

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* bash-Upgrade-shell-to-fix-the-ShellShock | Catalin Popeanga | 2015-07-06 | 2 | -0/+109
  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>