| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade 1.0.1p --> 1.0.1t addresses following vulnerabilities:
CVE-2016-2107
CVE-2016-2108
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
Reference:
URL for the OpenSSL Security Advisory:
https://www.openssl.org/news/secadv/20160503.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure
[YOCTO #9400]
External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
References to the Upstream commits and Security Advisories:
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=31e4657cf246e41d4c5c890315cb6cf89a0db25a
CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7
CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=ce3cd91caee698cb144e1350c6c78292c6be6339
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a race condition when handling socket errors
can lead to an assertion failure in resolver.c
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
Patch is backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch
/?id=12cdd6d2b3a6d351ea09799be38e6ddd4c041c17
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cross-protocol attack on TLS using SSLv2 (DROWN)
Mitigation for CVE-2016-0800
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0800
https://git.openssl.org/?p=openssl.git;a=patch;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following CVEs:
CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming
connection feature
CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming
connections
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/
?id=9845a542a76156adb5aef6fd33ad5bc5777acf64
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A buffer size check used to guard against overflow could
cause named to exit with an INSIST failure In apl_42.c.
References:
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-00913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a denial of service in BIND.
An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.
References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Huimin She <huimin.she@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)
References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
three security fixes.
(From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|