diff options
author | Andrii Davydenko <andrii.davydenko@globallogic.com> | 2022-12-14 12:08:42 +0200 |
---|---|---|
committer | Mykyta Dorokhin <mykyta.dorokhin@globallogic.com> | 2023-01-24 12:41:29 +0200 |
commit | 2eaa3fd064097eb221b56d5df0e7136ba705a0cd (patch) | |
tree | 2ca46c9a625d6f743933b1ea7e2fc6bd2581e6eb /recipes-core/libxml/libxml2/CVE-2021-3537.patch | |
parent | 1e52890ac41318d28923787af35541a8f9ee0653 (diff) | |
download | meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.gz meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.bz2 meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.zip |
CVE Packages Update
Move libfastjson to the rsyslog directory
rsyslog 8.2002.0 -> 8.2206.0
add ntp4.2.8 recipe with fixed CVEs
update cryptsetup to 2.4.3
fix libxml2 CVE-2016-3709
curl 7.75.0 -> 7.86.0
strongswan 5.8.4 -> 5.9.8
libmodbus 3.1.6 -> 3.1.7
libesmtp 1.0.6 -> 1.1.0
cifs-utils 6.1 -> 7.0
update libtirpc to version 1.3.3
update rsync to version 3.2.5
Add zlib 1.2.13
upgrade gnutls to 3.7.8
upgrade openssh to 8.9p1
Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat
Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680
openvpn 2.4.9 -> 2.4.12
hostapd 2.9 -> 2.10
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patch for sudo component.
Added 2 CVE's to whitelist for OpenVPN component.
Diffstat (limited to 'recipes-core/libxml/libxml2/CVE-2021-3537.patch')
-rw-r--r-- | recipes-core/libxml/libxml2/CVE-2021-3537.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/recipes-core/libxml/libxml2/CVE-2021-3537.patch new file mode 100644 index 0000000..9e64c2a --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2021-3537.patch @@ -0,0 +1,50 @@ +From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 1 May 2021 16:53:33 +0200 +Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv + +Check return value of recursive calls to +xmlParseElementChildrenContentDeclPriv and return immediately in case +of errors. Otherwise, struct xmlElementContent could contain unexpected +null pointers, leading to a null deref when post-validating documents +which aren't well-formed and parsed in recovery mode. + +Fixes #243. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61] +CVE: CVE-2021-3537 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> + +--- + parser.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/parser.c b/parser.c +index b42e6043..73c27edd 100644 +--- a/parser.c ++++ b/parser.c +@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, + SKIP_BLANKS; + cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, + depth + 1); ++ if (cur == NULL) ++ return(NULL); + SKIP_BLANKS; + GROW; + } else { +@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk, + SKIP_BLANKS; + last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, + depth + 1); ++ if (last == NULL) { ++ if (ret != NULL) ++ xmlFreeDocElementContent(ctxt->myDoc, ret); ++ return(NULL); ++ } + SKIP_BLANKS; + } else { + elem = xmlParseName(ctxt); +-- +GitLab + |