| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Fixes input sanitization errors.
References
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
http://www.ocert.org/advisories/ocert-2015-002.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch addresses following CVEs:
CVE-2014-3569
CVE-2015-0204
CVE-2015-0205
CVE-2014-8275
CVE-2014-3571
CVE-2014-3570
Additional two patches (0004 & 0005) which were needed for CVE-2014-8275
have been backported from 1.0.1 stable (OpenSSL_1_0_1-stable) branch.
Reference
https://www.openssl.org/news/secadv_20150108.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix for _json module arbitrary process memory read vulnerability
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading
by a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to control
or influence the two parameters of the default scanstring function: the string
to be decoded and the index. The bug is caused by allowing the user to supply
a negative index value. The index value is then used directly as an index to
an array in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is desired.
However, by supplying a negative index value and adding this to the address of
the array, the processor's register value wraps around and the calculated value
will point to a position in memory which isn't within the bounds of the
supplied string, causing the function to access other parts of the process
memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org> Applied to
python-native recipe in order to fix the above mentioned vulnerability.
Upstream-Status: Backport
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
directory traversal in read_long_names()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
Upstream commit with the analysis:
https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
directory traversal in read_long_names()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
Upstream commit with the analysis:
https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
| |
Memory corruption flaw in parse_datetime()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow
vulnerability in the png_combine_row() function of the libpng library,
when very large interlaced images were used.
Upstream patch:
http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/
External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
http://seclists.org/oss-sec/2014/q4/1133
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getnetbyname function in eglibc 2.21 and earlier will
enter an infinite loop if the DNS backend is activated
in the system Name Service Switch configuration, and the
DNS resolver receives a positive answer while processing
the networkname.
Reference
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Changes in the NEWS and ChangeLog files from the original upstream
commit have been ignored
Upstream commit that fixes this issue:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;
h=11e3417af6e354f1942c68a271ae51e892b2814d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
printf() unbound alloca() usage in case of positional
parameters + many format specs
Changes in the NEWS and ChangeLog files from the original upstream
commit have been ignored
References
http://www.openwall.com/lists/oss-security/2012/07/11/5
https://sourceware.org/bugzilla/show_bug.cgi?id=16617
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Command execution in wordexp() with WRDE_NOCMD specified
Changes in the NEWS and ChangeLog files from the original upstream
commit have been ignored
Reference
https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
__gconv_translit_find: Disable function [BZ #17187]
This functionality has never worked correctly, and the implementation
contained a security vulnerability (CVE-2014-5119).
(From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
Fixes an out of bounds memory access flaw
in Qemu's IDE device model
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and
processed, would cause named to use excessive amounts of memory
or crash.
External References:
===================
https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\
Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
| |
Fix no-ssl3 configuration option
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
Fix for session tickets memory leak.
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
Fix for SRTP Memory Leak
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
| |
OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE2014-3566)
This patch is a backport from OpenSSL_1.0.1j.
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
| |
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
1) DTLS invalid fragment vulnerability (CVE-2014-0195)
2) DTLS recursion flaw (CVE-2014-0221)
3) SSL/TLS MITM vulnerability (CVE-2014-0224)
4) Anonymous ECDH denial of service (CVE-2014-3470)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
|
|
Migrated from the internal git server on the daisy-enea branch
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|