Commmon distro layer for Enea Linux https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=pyro 2018-10-29T11:00:47+00:00 2018-10-29T11:00:47+00:00 Dan Andresan Dan.Andresan@enea.com 2018-10-29T11:00:47+00:00 urn:sha1:c1d3038ebc3595d452dd987ce985446b75b944db 2018-10-26T10:01:51+00:00 Dan Andresan Dan.Andresan@enea.com 2018-10-26T10:01:51+00:00 urn:sha1:429266feedb3eccc450d823d207cb1464c4c43dc CVE: CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2017-1000158 python in the upstream pyro is 2.7.13 CVE-2018-1060 - python in the upstream pyro is 2.7.13 CVE-2018-1061 - python in the upstream pyro is 2.7.13 Reference: CVE-2017-1000158 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae CVE-2018-1060 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b CVE-2018-1061 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b Change-Id: I09dc5e7d1754c00d4bcdf57b1124370e3d790e5a Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com> 2018-10-26T09:25:15+00:00 Dan Andresan Dan.Andresan@enea.com 2018-10-26T09:11:42+00:00 urn:sha1:9dd91119ff835f8fc36950d5025c65da96da13a0 CVE: CVE-2018-6913 perl in the upstream pyro is 5.24.1. Reference: CVE-2018-6913 https://rt.perl.org/Public/Ticket/Attachment/1480002/799836/0001-perl-131844-fix-various-space-calculation-issues-in-.patch Change-Id: I0b728e9d8752d625d674a82cf4269f8abc880889 Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com> 2017-12-14T14:31:54+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-14T12:17:04+00:00 urn:sha1:ef74e9d6103be37e4f4a43fb4c8b948789346b7c Directory Traversal Vulnerability References: https://nvd.nist.gov/vuln/detail/CVE-2017-8283 http://www.securityfocus.com/bid/98064/info Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:43:12+00:00 Gabriel Ionescu gabriel.ionescu@enea.com 2017-12-05T14:08:13+00:00 urn:sha1:6fe6de08fe746ae3df54eb3bb6eee35e95914b6d This patch removes the call to update-rc.d in order to fix the console login issue for the Cavium board. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-11-22T10:46:21+00:00 Gabriel Ionescu gabriel.ionescu@enea.com 2017-11-20T18:03:25+00:00 urn:sha1:2c80876ac2a42928167ed5567dc803179485c815 When a board boots for the first time, it executes run-postinsts.service and dpkg-configure.service. Since both services run dpkg --configure, it sometimes results in locking up the login service. This patch disables the execution of dpkg --configure from run-postinsts by removing the deb keyword from the list of scanned packet types. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-09-18T11:54:31+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-09-14T06:16:06+00:00 urn:sha1:4c6acb2de2b9612dfae273e63348c40921ebf235 Fixes integer overflow in in handling virtio-crypto requests Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com> 2017-08-29T11:32:58+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-29T08:29:30+00:00 urn:sha1:7da6ebdca2d6b30dd6240db73b0c7605c310a4f1 Qemu built with the Audio subsystem support is vulnerable to a host memory leakage issue. It could occur if a guest user was to repeatedly start and stop audio capture. A privileged user inside guest could use this flaw to exhaust host memory, resulting in DoS. Reference: ========== https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8309 Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-08-29T11:32:30+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-29T08:29:29+00:00 urn:sha1:534a1c7f012e2099ce83bcab35c25cd587c9f3af Quick Emulator built with the USB OHCI Emulation support is vulnerable to an infinite loop issue. It could occur while processing an endpoint list descriptor in ohci_service_ed_list(). A guest user/process could use this flaw to crash Qemu process resulting in DoS. References: ========== https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6505 Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-08-29T11:31:52+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-29T08:29:28+00:00 urn:sha1:4c3b48e94915ea1e62f5364fe4261359cf99a8e7 Qemu built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. References: ========== https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471 Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>