Commmon distro layer for Enea Linux https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=pyro 2018-10-25T11:54:59+00:00 2018-10-25T11:54:59+00:00 Andreas Wellving andreas.wellving@enea.com 2018-09-11T08:09:27+00:00 urn:sha1:2057b91933875959294f823b12938d6cba6ea62b CVE: CVE-2017-16932 CVE-2017-5130 CVE-2017-7375 CVE-2017-7376 Libxml2 in the upstream pyro is 2.9.4 CVE-2017-7376: For the stable distribution (stretch), these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u1 CVE-2017-7375: stretch (security) 2.9.4+dfsg1-2.2+deb9u2 Reference: CVE-2017-16932 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 CVE-2017-5130 https://gitlab.gnome.org/GNOME/libxml2/commit/897dffbae322b46b83f99a607d527058a72c51ed CVE-2017-7375 https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e CVE-2017-7376 https://gitlab.gnome.org/GNOME/libxml2/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Change-Id: Icf68eea8e0916be2bc9f3e844f7d38f6fae75300 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com> 2017-11-24T14:06:10+00:00 Adrian Dudau adrian.dudau@enea.com 2017-11-22T09:33:21+00:00 urn:sha1:1b0e3b30bc27a98468c0f3e19e985e5fd992c650 These have been fixed already in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-09-26T13:38:55+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-09-21T11:57:06+00:00 urn:sha1:781e18aca10e772c75eed6246400a19b3adf4766 Out-of-bounds read in htmlParseTryOrFinish Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872 Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-09-06T11:02:36+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-09-06T09:01:07+00:00 urn:sha1:f51f71b2da372e3eaaa1d47c7e01724b2b8867ed A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Reference: https://security-tracker.debian.org/tracker/CVE-2017-0663 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-08-21T08:55:46+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-21T06:43:03+00:00 urn:sha1:a60bc47b963ee456ce140cabb1e15a1275a2f67d References: CVE-2017-9049: Heap-based buffer over-read in function xmlDictComputeFastKey http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 CVE-2017-9050: Heap-based buffer over-read in function xmlDictAddString http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-08-21T08:55:46+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-21T06:43:02+00:00 urn:sha1:f2a56c19b6190bf41bd608efdf8dd573fa9fd616 References: CVE-2017-9047: Buffer overflow in function xmlSnprintfElementContent http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 CVE-2017-9048: Stack-based buffer overflow in function http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-08-21T08:55:46+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-21T06:43:01+00:00 urn:sha1:b86da431eda5794bb1e7df211b1c10a665ff5095 Fixes a NULL pointer dereference in libxml2, when using xmllint --recover. A maliciously crafted file, when parsed in recovery mode, could cause the application to crash. Reference https://bugzilla.gnome.org/show_bug.cgi?id=778519 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>