<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-connectivity, branch yocto-4.0.29</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.29'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-08-08T13:30:55+00:00</updated>
<entry>
<title>avahi: fix CVE-2024-52615</title>
<updated>2025-08-08T13:30:55+00:00</updated>
<author>
<name>Zhang Peng</name>
<email>peng.zhang1.cn@windriver.com</email>
</author>
<published>2025-07-31T06:06:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9e416e05f6af7a97d0a589dbc687f743180e2bb0'/>
<id>urn:sha1:9e416e05f6af7a97d0a589dbc687f743180e2bb0</id>
<content type='text'>
CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]

Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]

(From OE-Core rev: 7bd9fee6d654326ea921b51113de99f793e11545)

Signed-off-by: Zhang Peng &lt;peng.zhang1.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>ofono: fix CVE-2023-4235</title>
<updated>2025-07-18T15:32:26+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-07-11T11:33:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b6acab6e64c74a92c0bbaf29647e0737575712cd'/>
<id>urn:sha1:b6acab6e64c74a92c0bbaf29647e0737575712cd</id>
<content type='text'>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_deliver_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_deliver_report().

(From OE-Core rev: 3a3519324ec390044ff9f97c0f32027782699124)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>ofono: fix CVE-2023-4232</title>
<updated>2025-07-18T15:32:26+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-07-11T11:33:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d668325fd8dbbdb180bf469d60693759ee477034'/>
<id>urn:sha1:d668325fd8dbbdb180bf469d60693759ee477034</id>
<content type='text'>
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug
is triggered within the decode_status_report() function during the SMS decoding.
It is assumed that the attack scenario is accessible from a compromised modem,
a malicious base station, or just SMS. There is a bound check for this memcpy
length in decode_submit(), but it was forgotten in decode_status_report().

(From OE-Core rev: 02005c81a55930d9f57d44674cdc5eb6171c8c76)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssl: fix CVE-2024-41996</title>
<updated>2025-07-18T15:32:26+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-07-11T11:33:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=78620e54fd6cf9006e73aa147721db72930c1dc7'/>
<id>urn:sha1:78620e54fd6cf9006e73aa147721db72930c1dc7</id>
<content type='text'>
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
when an approved safe prime is used, allows remote attackers (from the client side) to
trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
The client may cause asymmetric resource consumption. The basic attack scenario is that
the client must claim that it can only communicate with DHE, and the server must be
configured to allow DHE and validate the order of the public key.

Reference:
https://github.com/openssl/openssl/pull/25088

(From OE-Core rev: 635fc639a13a6b28cac5c67cff23b7f4477bc41c)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssl: upgrade 3.0.16 -&gt; 3.0.17</title>
<updated>2025-07-18T15:32:26+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-07-10T22:10:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d3219fb24b8503e678f1d23b7dea64d5555a83b6'/>
<id>urn:sha1:d3219fb24b8503e678f1d23b7dea64d5555a83b6</id>
<content type='text'>
Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3016-and-openssl-3017-1-jul-2025

(From OE-Core rev: 678f4f98f145c887a220b846babc9648ea6ff974)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>nfs-utils: don't use signals to shut down nfs server.</title>
<updated>2025-06-04T16:06:31+00:00</updated>
<author>
<name>NeilBrown</name>
<email>neilb@suse.de</email>
</author>
<published>2025-05-28T02:08:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=81e0dc80d72d66b7f15a34c0da7a0a8c58809056'/>
<id>urn:sha1:81e0dc80d72d66b7f15a34c0da7a0a8c58809056</id>
<content type='text'>
Since Linux v2.4 it has been possible to stop all NFS server by running

   rpc.nfsd 0

i.e.  by requesting that zero threads be running.  This is preferred as
it doesn't risk killing some other process which happens to be called
"nfsd".

Since Linux v6.6 - and other stable kernels to which

  Commit: 390390240145 ("nfsd: don't allow nfsd threads to be
  signalled.")

has been backported - sending a signal no longer works to stop nfs server
threads.

This patch changes the nfsserver script to use "rpc.nfsd 0" to stop
server threads.

(From OE-Core rev: 415e73d53e5342f3f6ff6acd521ded2df3fbca1f)

Signed-off-by: NeilBrown &lt;neil@brown.name&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 7b09ad289a36)
Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>connman :fix CVE-2025-32366</title>
<updated>2025-05-28T15:46:32+00:00</updated>
<author>
<name>Praveen Kumar</name>
<email>praveen.kumar@windriver.com</email>
</author>
<published>2025-05-16T09:59:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=23a840550950d2424d3f49937dea4f5066ba709e'/>
<id>urn:sha1:23a840550950d2424d3f49937dea4f5066ba709e</id>
<content type='text'>
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr-&gt;rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366

Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4

(From OE-Core rev: 1b9156124b4a07e0e3e0ab09e87d654eae6c7b4e)

Signed-off-by: Praveen Kumar &lt;praveen.kumar@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssh: Fix CVE-2025-32728</title>
<updated>2025-05-28T15:46:32+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-04-29T11:22:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0fa8a4465e1b653c102d425804fcf85d0d28977a'/>
<id>urn:sha1:0fa8a4465e1b653c102d425804fcf85d0d28977a</id>
<content type='text'>
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]

(From OE-Core rev: 68413e1413eb87254d68f30920574b0e2c766782)

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>connman :fix CVE-2025-32743</title>
<updated>2025-05-14T13:38:21+00:00</updated>
<author>
<name>Praveen Kumar</name>
<email>praveen.kumar@windriver.com</email>
</author>
<published>2025-05-07T11:48:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9b99800fe71a525514351a4236c11e470fbce35a'/>
<id>urn:sha1:9b99800fe71a525514351a4236c11e470fbce35a</id>
<content type='text'>
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32743

Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f

(From OE-Core rev: ece0fb01bf28fa114f0a6e479491b4b6f565c80c)

Signed-off-by: Praveen Kumar &lt;praveen.kumar@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>ppp: patch CVE-2024-58250</title>
<updated>2025-05-02T15:12:41+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-04-24T17:40:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fd6b4fb51108607f9b1f4c5dd413dca1618a3ac5'/>
<id>urn:sha1:fd6b4fb51108607f9b1f4c5dd413dca1618a3ac5</id>
<content type='text'>
Backport patch to remove vulnerable component.

This is a breaking change, but there will be no other fix for this CVE
as upstream did the deletion without providing a fix first.
If someone really needs this feature, which the commit message describes
as deprecated, bbappend with patch removal is possible.

License-Update: passprompt plugin removed

(From OE-Core rev: d04a2b5f4899845429e1c5893535f5df1221fcbf)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
