openembedded-core.git/meta/recipes-connectivity, branch dizzy Mirror of openembedded-core bind: CVE-2015-8000 2016-01-30T12:02:29+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-21T11:35:20+00:00 c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixes a denial of service in BIND.

An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.

[YOCTO #8838]

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
openssl: CVE-2015-3194, CVE-2015-3195 2016-01-30T12:02:01+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-15T10:07:48+00:00 09c3a0f01572a6a65e9f87ce16817ee7de3296f1 Fixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Upstream patches: CVE-2015-3194: https://git.openssl.org/?p=openssl.git;a=commit;h= d8541d7e9e63bf5f343af24644046c8d96498c17 CVE-2015-3195: https://git.openssl.org/?p=openssl.git;a=commit;h= b29ffa392e839d05171206523e84909146f7a77c Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)

References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195

Upstream patches:
CVE-2015-3194:
https://git.openssl.org/?p=openssl.git;a=commit;h=
d8541d7e9e63bf5f343af24644046c8d96498c17

CVE-2015-3195:
https://git.openssl.org/?p=openssl.git;a=commit;h=
b29ffa392e839d05171206523e84909146f7a77c

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565 2016-01-30T12:01:43+00:00 Armin Kuster akuster@mvista.com 2015-09-09T00:22:26+00:00 ddfe191355a042e6995f7b4b725b108c5bb4d36e three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Conflicts: meta/recipes-connectivity/openssh/openssh_6.6p1.bb 
three security fixes.

CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support
CVE-2015-6564 (medium)  openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High)  openssh: Incorrectly set TTYs to be world-writable

(From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>

Conflicts:
	meta/recipes-connectivity/openssh/openssh_6.6p1.bb
bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722 2015-09-19T10:52:57+00:00 Armin Kuster akuster@mvista.com 2015-09-12T22:17:26+00:00 d3af844b05e566c2188fc3145e66a9826fed0ec8 three security fixes. Signed-off-by: Armin Kuster <akuster@mvista.com> 
three security fixes.

Signed-off-by: Armin Kuster <akuster@mvista.com>
connman-conf: fix SRC_URI_append 2015-09-01T20:30:26+00:00 Martin Jansa martin.jansa@gmail.com 2015-07-14T12:36:45+00:00 55b183aa476754b050779d36dfbb03eb936443ad * add leading space so that it works even with some .bbappend adding additional files to SRC_URI without trailing space (From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
* add leading space so that it works even with some .bbappend adding
  additional files to SRC_URI without trailing space

(From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind9.9.5: CVE-2015-5477 2015-09-01T20:27:51+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-07-30T11:48:55+00:00 18a01db3f2430095a4e6966aed5afd738dbc112e Fixed a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
ppp: Security Advisory - CVE-2015-3310 2015-07-20T19:53:07+00:00 Roy Li rongqing.li@windriver.com 2015-05-26T09:21:03+00:00 d2f15f2ec2d9e8ecdb9aa69a413663f3615d7e0c http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3310 Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. oe-core is using ppp 2.4.7, and this CVE say ppp 2.4.7 was not effected, but I found this buggy codes are same between 2.4.6 and 2.4.7, and 2.4.7 should have this issue. (From OE-Core rev: 5b549c6d73e91fdbd0b618a752d618deb1449ef9) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3310

Buffer overflow in the rc_mksid function in plugins/radius/util.c in
Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is
greater than 65535, allows remote attackers to cause a denial of
service (crash) via a start accounting message to the RADIUS server.

oe-core is using ppp 2.4.7, and this CVE say ppp 2.4.7 was not
effected, but I found this buggy codes are same between 2.4.6 and
2.4.7, and 2.4.7 should have this issue.

(From OE-Core rev: 5b549c6d73e91fdbd0b618a752d618deb1449ef9)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
neard: fix the install path in init scripts 2015-07-20T19:53:04+00:00 Cristian Iorga cristian.iorga@intel.com 2015-03-18T15:38:39+00:00 d86fd6190b9ffd5012f229f319520615176c27ee The neard make scripts will place the daemon executable in /usr/lib/neard/nfc/neard. Change the path accordingly in init scripts. Fixes [YOCTO #7390]. (From OE-Core rev: bd277f3a46e7fc764cc55c5354d2136fcfddc3c1) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The neard make scripts will place the daemon executable
in /usr/lib/neard/nfc/neard. Change the path accordingly
in init scripts.

Fixes [YOCTO #7390].

(From OE-Core rev: bd277f3a46e7fc764cc55c5354d2136fcfddc3c1)

Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
openssl: upgrade to 1.0.1p 2015-07-15T14:24:24+00:00 Tudor Florea tudor.florea@enea.com 2015-07-09T23:01:09+00:00 208d1d72b0d248b12f800e566cb011aec9a1a084 This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: Fix x32 openssl patch which was not building 2015-04-15T14:46:40+00:00 Brendan Le Foll brendan.le.foll@intel.com 2015-04-14T18:53:48+00:00 8e46230fe94c44ab81a0ca9cb8b2c9f7b605e226 x32 builds where broken due to patch rebase not having been done correctly for this patch Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
x32 builds where broken due to patch rebase not having been done correctly for
this patch

Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>