From: Meenali Gupta
CVE-2024-24974:
Previously, the VPN tool’s Windows implementation allowed remote access to
its service pipe, posing a security risk. Using compromised credentials, a
threat actor could communicate with OpenVPN to orchestrate attacks.
CVE-2024-27903:
OpenVPN has mitigated the
From: Meenali Gupta
The HTTP/2 protocol allows a denial of service (server resource consumption)
because request cancellation can reset many streams quickly, as exploited in
the wild in August through October 2023.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Signed-off-by: Meena
hes.
I almost ignored it as it said kirkstone alone.
On Thu, Dec 14, 2023 at 2:38 AM Meenali Gupta via
lists.openembedded.org
wrote:
>
> From: Meenali Gupta
>
> Changelog:
> ===
> https://nginx.org/en/CHANGES
>
> *) Change: improved detection of misbehavin
From: Meenali Gupta
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a
file.
NOTE: exploitability may be uncommon because this file is typically owned by
root.
Signed-off-by: Meenali Gupta
---
.../graphviz/graphviz/CVE-2023-46045-1.patch | 38 ++
..
From: Meenali Gupta
The HTTP/2 protocol allows a denial of service (server resource consumption)
because request cancellation can reset many streams quickly,
as exploited in the wild in August through October 2023.
Signed-off-by: Meenali Gupta
---
.../nginx/files/CVE-2023-44487.patch
Hi Khem Raj,
Please ignore this patch.
Regards
Meenali
From: Khem Raj
Sent: 19 December 2023 11:57
To: openembedded-devel@lists.openembedded.org
; Gupta, Meenali
Subject: Re: [oe][meta-webserver][kirkstone][PATCH 1/1] nginx: upgrade 1.25.2
-> 1.25.3
CAUTION
From: Meenali Gupta
Changelog:
===
https://nginx.org/en/CHANGES
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a w
From: Meenali Gupta
Changelog:
===
https://nginx.org/en/CHANGES
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a w
This release only contains bugfixes and security fixes.
Highlighted bugfixes in 1.0.17:
Read overflow when parsing CDP addresses. Thanks to Matteo Memelli.
Don't output empty lines on configure commands.
Changelog:
https://github.com/lldpd/lldpd/releases/tag/1.0.17
References:
A fully compromised ESXi host can force VMware Tools to
fail to authenticate host-to-guest operations, impacting
the confidentiality and integrity of the guest virtual machine.
Signed-off-by: Meenali Gupta
---
.../open-vm-tools/CVE-2023-20867.patch| 158 ++
.../open-vm-to
Hi
Please ignore it.
Regards
Meenali
From: openembedded-devel@lists.openembedded.org
on behalf of Meenali Gupta via
lists.openembedded.org
Sent: Friday, July 14, 2023 4:57 PM
To: openembedded-devel@lists.openembedded.org
Cc: G Pillai, Hari
Subject: [oe
From: Meenali Gupta
The SMB protocol decoder in tcpdump version 4.99.3 can perform
an out-of-bounds write when decoding a crafted network packet
Signed-off-by: Meenali Gupta
---
.../tcpdump/tcpdump/CVE-2023-1801.patch | 342 ++
.../recipes-support/tcpdump/tcpdump_4.99.3.b
From: Meenali Gupta
The SMB protocol decoder in tcpdump version 4.99.3 can perform
an out-of-bounds write when decoding a crafted network packet
Signed-off-by: Meenali Gupta
---
.../tcpdump/tcpdump/CVE-2023-1801.patch | 342 ++
.../recipes-support/tcpdump/tcpdump_4.99.3.b