[oe] [meta-openembedded][kirkstone][PATCH 1/1] openvpn: fix multiple CVEs

2024-06-20 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta CVE-2024-24974: Previously, the VPN tool’s Windows implementation allowed remote access to its service pipe, posing a security risk. Using compromised credentials, a threat actor could communicate with OpenVPN to orchestrate attacks. CVE-2024-27903: OpenVPN has mitigated the

[oe][meta-webserver][kirkstone][PATCH 1/1] nginx: fix CVE-2023-44487

2024-04-28 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. References: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 Signed-off-by: Meena

Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3

2024-03-27 Thread Meenali Gupta via lists.openembedded.org
hes. I almost ignored it as it said kirkstone alone. On Thu, Dec 14, 2023 at 2:38 AM Meenali Gupta via lists.openembedded.org wrote: > > From: Meenali Gupta > > Changelog: > === > https://nginx.org/en/CHANGES > > *) Change: improved detection of misbehavin

[oe] [meta-oe][kirkstone][PATCH 1/1] graphviz: fix CVE-2023-46045

2024-03-25 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. Signed-off-by: Meenali Gupta --- .../graphviz/graphviz/CVE-2023-46045-1.patch | 38 ++ ..

[oe][meta-webserver][mickledore][PATCH 1/1] nginx: fix CVE-2023-44487

2023-12-20 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Signed-off-by: Meenali Gupta --- .../nginx/files/CVE-2023-44487.patch

Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3

2023-12-18 Thread Meenali Gupta via lists.openembedded.org
Hi Khem raj, Please ignore this patch. Regards Meenali From: Khem Raj Sent: 19 December 2023 11:57 To: openembedded-devel@lists.openembedded.org ; Gupta, Meenali Subject: Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3 CAUTION

[oe][meta-webserver][master][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3

2023-12-18 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta Changelog: === https://nginx.org/en/CHANGES *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a w

[oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2 -> 1.25.3

2023-12-14 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta Changelog: === https://nginx.org/en/CHANGES *) Change: improved detection of misbehaving clients when using HTTP/2. *) Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima. *) Bugfix: a segmentation fault might occur in a w

[oe][meta-networking][mickledore][PATCH 1/1] lldpd: upgrade 1.0.16 -> 1.0.17

2023-10-07 Thread Meenali Gupta via lists.openembedded.org
This release only contains bugfixes and security fixes. Highlighted bugfixes in 1.0.17: Read overflow when parsing CDP addresses. Thanks to Matteo Memelli. Don't output empty lines on configure commands. Changelog: https://github.com/lldpd/lldpd/releases/tag/1.0.17 References:

[oe][meta-networking][kirkstone][PATCH 1/1] open-vm-tools: fix CVE-2023-20867

2023-10-05 Thread Meenali Gupta via lists.openembedded.org
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Signed-off-by: Meenali Gupta --- .../open-vm-tools/CVE-2023-20867.patch| 158 ++ .../open-vm-to

Re: [oe][meta-networking[mickledore][PATCH 1/1] fix: CVE-2023-1801

2023-07-14 Thread Meenali Gupta via lists.openembedded.org
Hi, Please ignore it. Regards Meenali From: openembedded-devel@lists.openembedded.org on behalf of Meenali Gupta via lists.openembedded.org Sent: Friday, July 14, 2023 4:57 PM To: openembedded-devel@lists.openembedded.org Cc: G Pillai, Hari Subject: [oe

[oe][meta-networking[mickledore][PATCH 1/1] tcpdump: fix CVE-2023-1801

2023-07-14 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet Signed-off-by: Meenali Gupta --- .../tcpdump/tcpdump/CVE-2023-1801.patch | 342 ++ .../recipes-support/tcpdump/tcpdump_4.99.3.b

[oe][meta-networking[mickledore][PATCH 1/1] fix: CVE-2023-1801

2023-07-14 Thread Meenali Gupta via lists.openembedded.org
From: Meenali Gupta The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet Signed-off-by: Meenali Gupta --- .../tcpdump/tcpdump/CVE-2023-1801.patch | 342 ++ .../recipes-support/tcpdump/tcpdump_4.99.3.b