path: root/meta
Commit message | Author | Age | Files | Lines
* libpng16: CVE-2015-0973 | Sona Sarmadi | 2015-07-06 | 2 | -0/+48
  Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow vulnerability in the png_combine_row() function of the libpng library, when very large interlaced images were used.

  Upstream patch:
  http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/

  External Reference:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
  http://seclists.org/oss-sec/2014/q4/1133

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-9402 denial of service in getnetbyname | Sona Sarmadi | 2015-07-06 | 2 | -0/+29
  getnetbyname function in eglibc 2.21 and earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

  Reference
  https://sourceware.org/bugzilla/show_bug.cgi?id=17630

  Changes in the NEWS and ChangeLog files from the original upstream commit have been ignored

  Upstream commit that fixes this issue:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=11e3417af6e354f1942c68a271ae51e892b2814d

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2012-3406 Stack overflow in vfprintf | Sona Sarmadi | 2015-07-06 | 2 | -0/+274
  printf() unbound alloca() usage in case of positional parameters + many format specs

  Changes in the NEWS and ChangeLog files from the original upstream commit have been ignored

  References
  http://www.openwall.com/lists/oss-security/2012/07/11/5
  https://sourceware.org/bugzilla/show_bug.cgi?id=16617

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-7817 wordexp fails to honour WRDE_NOCMD | Sona Sarmadi | 2015-07-06 | 2 | -0/+165
  Command execution in wordexp() with WRDE_NOCMD specified

  Changes in the NEWS and ChangeLog files from the original upstream commit have been ignored

  Reference
  https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* eglibc: CVE-2014-5119 fix | Armin Kuster | 2015-07-06 | 2 | -0/+241
  __gconv_translit_find: Disable function [BZ #17187]

  This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119).

  (From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a)

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* Qemu: CVE-2014-2894 | Sona Sarmadi | 2015-07-06 | 2 | -1/+48
  Fixes an out of bounds memory access flaw in Qemu's IDE device model

  Reference
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* binutils: several security fixes | Sona Sarmadi | 2015-07-06 | 9 | -0/+1148
  CVE-2014-8484
  CVE-2014-8485
  CVE-2014-8501
  CVE-2014-8502
  CVE-2014-8503
  CVE-2014-8504
  CVE-2014-8737

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: fix for CVE-2014-8500 | Sona Sarmadi | 2015-07-06 | 2 | -0/+991
  A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

  External References:
  ===================
  https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\
  Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* Fix CVE-2014-3568 | Catalin Popeanga | 2015-07-06 | 2 | -0/+99
  Fix no-ssl3 configuration option

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3567 | Catalin Popeanga | 2015-07-06 | 2 | -0/+32
  Fix for session tickets memory leak.

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3513 | Catalin Popeanga | 2015-07-06 | 2 | -0/+211
  Fix for SRTP Memory Leak

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix-CVE-2014-3566 | Catalin Popeanga | 2015-07-06 | 2 | -0/+500
  OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE2014-3566)

  This patch is a backport from OpenSSL_1.0.1j.

  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* bash-Upgrade-shell-to-fix-the-ShellShock | Catalin Popeanga | 2015-07-06 | 2 | -0/+109
  Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix for OpenSSL security vulnerabilities | Sona Sarmadi | 2015-07-06 | 7 | -0/+303
  1) DTLS invalid fragment vulnerability (CVE-2014-0195)
  2) DTLS recursion flaw (CVE-2014-0221)
  3) SSL/TLS MITM vulnerability (CVE-2014-0224)
  4) Anonymous ECDH denial of service (CVE-2014-3470)

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Maxin B. John <maxin.john@enea.com>
* initial commit for Enea Linux 4.0 | Adrian Dudau | 2014-06-26 | 3651 | -0/+348560
  Migrated from the internal git server on the daisy-enea branch

  Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>