diff options
| author | Polampalli, Archana A <archana.polampalli@windriver.com> | 2023-06-16 12:18:34 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-06-17 14:21:38 -0400 |
| commit | 9d203efe8f01fa7d433a52ae1098cb27ede07119 (patch) | |
| tree | bc6db03a2ead95960d7c347e33e37fc0525d6991 /meta-python/recipes-devtools/python/python3-pylyrics_1.1.0.bb | |
| parent | 25dcf4d65b7d84ba24d0090d6283801ecae16546 (diff) | |
| download | meta-openembedded-9d203efe8f01fa7d433a52ae1098cb27ede07119.tar.gz | |
samba: fix CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within
the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The
DES and Triple-DES decryption routines in the Heimdal GSSAPI library
allow a length-limited write buffer overflow on malloc() allocated
memory when presented with a maliciously small packet. This flaw
allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-3437
Upstream patches:
https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3
https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49
https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd
https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d
https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d
https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-pylyrics_1.1.0.bb')
0 files changed, 0 insertions, 0 deletions