From: Yogita Urade
Includes fixes for CVE-2024-41123 & CVE-2024-41946
Release notes:
https://github.com/ruby/ruby/releases/tag/v3_3_5
Rebase:
0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
0006-Make-gemspecs-reproducible.patch
Drop:
0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-
From: Yogita Urade
A DMA reentrancy issue leading to a use-after-free error
was found in the e1000e NIC emulation code in QEMU. This
issue could allow a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service.
CVE-2023-3019-0003 is the CVE fix and CVE-2023-3
From: Yogita Urade
Includes fixes for CVE-2024-41123 & CVE-2024-41946
Changelog
=
d3ab7be8ca merge revision(s) 657f4b99f61: [Backport #20667]
c69d59e9b2 Sync tool/lib/core_assertions.rb from master
cf9a6c2b63 merge revision(s) a3562c2a0abf1c2bdd1d50377b4f929580782594:
[Backport #20701]
d8
From: Yogita Urade
A flaw was found in the QEMU disk image utility (qemu-img) 'info'
command. A specially crafted image file containing a `json:{}`
value describing block devices in QMP could cause the qemu-img
process on the host to consume large amounts of memory or CPU time,
leading to denial
From: Yogita Urade
A flaw was found in ofono, an Open Source Telephony on Linux.
A stack overflow bug is triggered within the decode_deliver()
function during the SMS decoding. It is assumed that the attack
scenario is accessible from a compromised modem, a malicious
base station, or just SMS. Th
From: Yogita Urade
This includes fixes for: CVE-2024-26327, CVE-2024-26328 and CVE-2024-3447
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Dropped 0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch,
CVE-2024-3446 and CVE-2024-3567 since the fixes are already contained.
Sig
From: Yogita Urade
A buffer-overread issue was discovered in StringIO 3.0.1, as
distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through
3.1.4. The ungetbyte and ungetc methods on a StringIO can
read past the end of a string, and a subsequent call to
StringIO.gets may return the memory value. 3.
From: Yogita Urade
CVE-2024-3446:
A double free vulnerability was found in QEMU virtio devices
(virtio-gpu, virtio-serial-bus, virtio-crypto), where the
mem_reentrancy_guard flag insufficiently protects against DMA
reentrancy issues. This issue could allow a malicious privileged
guest to crash th
From: Yogita Urade
The memory allocation function ACPI_ALLOCATE_ZEROED does not
guarantee a successful allocation, but the subsequent code
directly dereferences the pointer that receives it, which may
lead to null pointer dereference. To fix this issue, a null
pointer check should be added. If it
I had forgotten to mention the Kirkstone branch.
Will send v2.
../Yogita
On 21-06-2024 16:17, Urade, Yogita via lists.openembedded.org wrote:
From: Yogita Urade
The memory allocation function ACPI_ALLOCATE_ZEROED does not
guarantee a successful allocation, but the subsequent code
directly
From: Yogita Urade
The memory allocation function ACPI_ALLOCATE_ZEROED does not
guarantee a successful allocation, but the subsequent code
directly dereferences the pointer that receives it, which may
lead to null pointer dereference. To fix this issue, a null
pointer check should be added. If it
From: Yogita Urade
Changelog:
rar: Fix OOB in rar e8 filter
zip: Fix out of boundary access
7zip: Limit amount of properties
bsdtar: Fix error handling around strtol() usages
passphrase: Improve newline handling on Windows
passphrase: Never allow empty passwords
rar:
From: Yogita Urade
Changelog:
=
rar: Fix OOB in rar e8 filter
zip: Fix out of boundary access
7zip: Limit amount of properties
bsdtar: Fix error handling around strtol() usages
passphrase: Improve newline handling on Windows
passphrase: Never allow empty passwords
rar
From: Yogita Urade
libarchive Remote Code Execution Vulnerability
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-26256
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-26256
Signed-off-by: Yogita Urade
---
.../libarchive/CVE-2024-26256.patch | 29 +++
.../li
From: Yogita Urade
ruby: RCE vulnerability with .rdoc_options in RDoc
References:
https://github.com/ruby/ruby/pull/10316
https://security-tracker.debian.org/tracker/CVE-2024-27281
Signed-off-by: Yogita Urade
---
.../ruby/ruby/CVE-2024-27281.patch| 97 +++
meta/rec
From: Yogita Urade
A DMA reentrancy issue leading to a use-after-free error was
found in the e1000e NIC emulation code in QEMU. This issue
could allow a privileged guest user to crash the QEMU process
on the host, resulting in a denial of service.
Fix indent issue in qemu.inc file
References:
h
Hi Steve,
I will send v2.
../Yogita
On 19-01-2024 03:56, Steve Sakoman wrote:
On Thu, Jan 18, 2024 at 12:21 PM Randy MacL
From: Yogita Urade
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow that leads to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
https://gitlab.co
From: Yogita Urade
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow that leads to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
https://gitlab.co
From: Yogita Urade
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
This issue may allow an attacker to present a specially crafted NTFS
filesystem image, leading to grub's heap metadata corruption. In some
circumstances, the attack may also corrupt the UEFI firmware heap
From: Ross Burton
This incorporates fixes for the following CVEs:
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit a1534bb34b680bfc5cb2f35b5fd5a0c2afed6368)
Signed-off-by: Yogita Urade
---
.../xorg-lib/{li
From: Ross Burton
This release fixes the following CVEs:
- CVE-2023-43788
- CVE-2023-43789
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 46dd8ce41756dbc2aa0f9001416f208cced1c8d5)
Signed-off-by: Yogita Urade
---
.../xorg-lib/{libxpm_3.5.16.bb => libxpm_3
From: Yogita Urade
A vulnerability was found in libX11 due to an integer overflow
within the XCreateImage() function. This flaw allows a local
user to trigger an integer overflow and execute arbitrary code
with elevated privileges.
Reference:
https://security-tracker.debian.org/tracker/CVE-2023-
From: Yogita Urade
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset
in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not
prevent s->qdev.blocksize from being 256. This stops QEMU and the guest
immediately.
References:
https://nvd.nist.gov/vuln/detail/CVE-20
From: Yogita Urade
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset
in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not
prevent s->qdev.blocksize from being 256. This stops QEMU and the guest
immediately.
References:
https://nvd.nist.gov/vuln/detail/CVE-20
From: Yogita Urade
A type confusion issue was addressed with improved checks.
This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari
16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7.
Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of
From: Yogita Urade
An authentication issue was addressed with improved state management.
This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6,
macOS Ventura 13.4. An unauthenticated user may be able to access
recently printed documents.
References:
https://ubuntu.com/security/CVE-2
From: Yogita Urade
libtiff: potential integer overflow in raw2tiff.c
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2235264
https://security-tracker.debian.org/tracker/CVE-2023-41175
https://gitlab.com/libtiff/libtiff/-/issues/592
Signed-off-by: Yogita Urade
---
.../libtiff/files/CVE
From: Yogita Urade
libtiff: integer overflow in tiffcp.c
References:
https://security-tracker.debian.org/tracker/CVE-2023-40745
https://gitlab.com/libtiff/libtiff/-/issues/591
https://bugzilla.redhat.com/show_bug.cgi?id=2235265
Signed-off-by: Yogita Urade
---
.../libtiff/files/CVE-2023-40745.
From: Yogita Urade
libtiff: potential integer overflow in raw2tiff.c
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2235264
https://security-tracker.debian.org/tracker/CVE-2023-41175
https://gitlab.com/libtiff/libtiff/-/issues/592
Signed-off-by: Yogita Urade
---
.../libtiff/files/CVE
From: Yogita Urade
libtiff: integer overflow in tiffcp.c
References:
https://security-tracker.debian.org/tracker/CVE-2023-40745
https://gitlab.com/libtiff/libtiff/-/issues/591
https://bugzilla.redhat.com/show_bug.cgi?id=2235265
Signed-off-by: Yogita Urade
---
.../libtiff/files/CVE-2023-40745.
From: Yogita Urade
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
Reference:
https://gitlab.c
From: Yogita Urade
A flaw was found in the QEMU built-in VNC server. When a client connects
to the VNC server, QEMU checks whether the current number of connections
crosses a certain threshold and if so, cleans up the previous connection.
If the previous connection happens to be in the handshake
From: Yogita Urade
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com
From: Yogita Urade
The issue was addressed with improved bounds checks. This issue
is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6,
macOS Monterey 12.5, Safari 15.6. Processing web content may
lead to arbitrary code execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-48
From: Yogita Urade
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com
From: Yogita Urade
QEMU: ati-vga: inconsistent check in ati_2d_blt() may lead to
out-of-bounds write.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-3638
https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html
Signed-off-by: Yogita Urade
---
meta/recipes-devtools/qemu/qem
From: Yogita Urade
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com
Reference:
https://gitlab.c
From: Yogita Urade
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com
From: Yogita Urade
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due
From: Yogita Urade
GNU inetutils through 2.4 may allow privilege escalation because
of unchecked return values of set*id() family functions in ftpd,
rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant
if the setuid system call fails when a process is trying to drop
privileges before
From: Yogita Urade
Envoy is a cloud-native high-performance edge/middle/service
proxy. Envoy’s HTTP/2 codec may leak a header map and
bookkeeping structures upon receiving `RST_STREAM` immediately
followed by the `GOAWAY` frames from an upstream server. In
nghttp2, cleanup of pending requests due
qemu: 9pfs: prevent opening special files
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-2861
Signed-off-by: Yogita Urade
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-2861.patch | 171 ++
2 files changed, 172 insertions(+)
QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3255
Signed-off-by: Yogita Urade
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-3255.patch | 65 +++
2 files
qemu: hotplug/hotunplug mlx vdpa device to the occupied addr port,
then qemu core dump occurs after shutdown guest
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3301
Signed-off-by: Yogita Urade
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-3301.patch
QEMU: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/646
Signed-off-by: Yogita Urade
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2020-14394.patch| 79 +++
2 files
If the `recursive-clients` quota is reached on a BIND 9 resolver
configured with both `stale-answer-enable yes;` and
`stale-answer-client-timeout 0;`, a sequence of serve-stale-related
lookups could cause `named` to loop and terminate unexpectedly due
to a stack overflow.
This issue affects BIND 9
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
h
time. Please submit a v2 with this corrected.
I was able to take the other patches in this series though, so you
only need to submit v2 for the two that I wasn't able to take.
Steve
Thanks Steve!
I'll submit V2 for these two patches.
Regards,
Yogita
On Fri, Jun 9, 2023 at 4:09 AM Ur
A memory corruption issue was addressed with improved input validation.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing
maliciously crafted web content may lead to arbitrary code execution.
Reference
The issue was addressed with improved memory handling.
This issue is fixed in macOS Ventura 13.2, macOS Monterey
12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and
iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously
crafted web content may lead to arbitrary code execution.
References:
A type confusion issue was addressed with improved state handling.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1,
iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously
crafted web content may lead to arbitrary code execution. Apple is
aware of a report that this issue
A use after free issue was addressed with improved memory management.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web
content may lead to arbitrary code execution.
Reference:
https://nvd.nist.gov/vuln/deta
A memory corruption issue was addressed with improved state management.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web
content may lead to arbitrary code execution.
References:
https://nvd.nist.gov/vuln/d
A memory consumption issue was addressed with improved memory handling.
This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS
15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing
maliciously crafted web content may lead to arbitrary code execution.
Reference
The issue was addressed with improved memory handling. This issue is fixed in
macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3,
iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted
web content may lead to arbitrary code execution.
Referenc
A memory corruption issue was addressed with improved input validation. This
issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and
iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously
crafted web content may lead to arbitrary code execution.
Refere
A type confusion issue was addressed with improved state handling. This issue
is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS
15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this is
A use after free issue was addressed with improved memory management. This
issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and
iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead
to arbitrary code execution.
Reference:
https://nvd.nist.gov/vuln/d
A memory corruption issue was addressed with improved state management. This
issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and
iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead
to arbitrary code execution.
References:
https://nvd.nist.gov/vul
A memory consumption issue was addressed with improved memory handling. This
issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and
iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously
crafted web content may lead to arbitrary code execution.
Refere
Upgrade libxpm 3.5.13 to 3.5.15
License-update: additional copyright holders
f0857c0 man pages: Correct Copyright/License notices
The above commit is introduced while upgrading the libxpm 3.5.15.
which is mentioned in below changelog.
Due to this commit LIC_FILES_CHKSUM is changed.
Disable rea
Upstream has switched some new releases from bz2 to xz compression. Add
an XORG_EXT variable so recipes can set the file name extension needed
for the compression type.
Following the approach in oe-core/master:
6a8068e036b4b2a40b38896275b936916b4db76e xorg-lib-common: Add variable to
set tarba