Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=daisy-enea 2016-04-08T10:32:32+00:00 2016-04-08T10:32:32+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-04-07T10:27:27+00:00 urn:sha1:71129828ff4cfda3d66aa9378be3c5a53f2beb8b CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=31e4657cf246e41d4c5c890315cb6cf89a0db25a CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=ce3cd91caee698cb144e1350c6c78292c6be6339 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016-04-08T10:32:27+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-04-07T10:24:20+00:00 urn:sha1:4ddc912615a690b7f612517ac5a5b345c9f89f8e Fixes a race condition when handling socket errors can lead to an assertion failure in resolver.c Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461 Patch is backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch /?id=12cdd6d2b3a6d351ea09799be38e6ddd4c041c17 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016-04-08T10:32:23+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-01-22T08:38:51+00:00 urn:sha1:a64d5f593079ac42c7c378faf7c090fae609e15c A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. References: https://kb.isc.org/article/AA-01335 https://kb.isc.org/article/AA-00913 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016-04-08T10:32:18+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-21T09:18:02+00:00 urn:sha1:d825e9e4562419e839b79cd7c811ea1b9b0c2608 Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Huimin She <huimin.she@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016-04-08T10:32:13+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-04-08T08:21:05+00:00 urn:sha1:3f66cbfdff13798a6893abb7a43d45abc7004a49 CVE-2015-1349: https://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A- A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html CVE-2015-4620 https://kb.isc.org/article/AA-01267/0/CVE-2015-4620%3A- Specially-Constructed-Zone-Data-Can-Cause-a-Resolver-to-Crash-when-Validating.html CVE-2015-5722 https://kb.isc.org/article/AA-01287/0/CVE-2015-5722%3A- Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Reference: https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/ Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2016-03-07T19:14:22+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-03-07T09:04:37+00:00 urn:sha1:c916152b1fa7806a32f1e9b35d89fae9d29894d0 Cross-protocol attack on TLS using SSLv2 (DROWN) Mitigation for CVE-2016-0800 References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0800 https://git.openssl.org/?p=openssl.git;a=patch;h=56f1acf5ef8a432992497a04792ff4b3b2c6f286 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> 2016-03-01T09:54:04+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-02-29T09:30:50+00:00 urn:sha1:2ffdbb90ec8e461370fd9a4d3adac2fabfefd7ee Fixes getaddrinfo stack-based buffer overflow References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 https://sourceware.org/bugzilla/show_bug.cgi?id=18665 https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> 2015-09-09T01:26:32+00:00 Robert Yang liezhi.yang@windriver.com 2015-03-26T06:42:34+00:00 urn:sha1:66db094272742977499fd51f48ccba95ab34287b A directory traversal flaw was reported in patch: References: http://www.openwall.com/lists/oss-security/2015/01/18/6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 https://bugzilla.redhat.com/show_bug.cgi?id=1182154 [YOCTO #7182] (From OE-Core rev: 4c389880dc9c6221344f7aed221fe8356e8c2056) (From OE-Core rev: e2032c5788f7a77aa0e4e8545b550551c23a25fb) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2015-09-09T01:25:58+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-09-07T09:26:11+00:00 urn:sha1:f0ade59b8c8c2f98968ac349cd7b180a08d894d9 Fixes RSA PKCS#1 signature verification forgery References http://www.gnutls.org/security.html#GNUTLS-SA-2015-1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282 https://www.debian.org/security/2015/dsa-3191 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2015-08-12T13:00:03+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-08-12T13:00:03+00:00 urn:sha1:07b699ab37025d33af04fb20236ec5eca02f6018 Fixes directory traversal vulnerability via symlinks Initial report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669 Upstream report: https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>