mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-05 14:59:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2640cecd2f4d45786bb9faed61858a5fd8cf93e8
poky/meta/recipes-connectivity
History
Yogita Urade 204b28c419 ofono: fix CVE-2023-2794 
A flaw was found in ofono, an Open Source Telephony on Linux.
A stack overflow bug is triggered within the decode_deliver()
function during the SMS decoding. It is assumed that the attack
scenario is accessible from a compromised modem, a malicious
base station, or just SMS. There is a bound check for this
memcpy length in decode_submit(), but it was forgotten in
decode_deliver().

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-2794

Upstream patches:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9

(From OE-Core rev: 5114e9064dbabd5258f512cd97c79fc40f848b98)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-08-16 08:09:14 -07:00
..
avahi
avahi: backport CVE-2023-1981 & CVE's follow-up patches
2023-12-15 04:00:33 -10:00
bind
bind: Upgrade 9.18.19 -> 9.18.24
2024-03-07 08:32:54 -10:00
bluez5
bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230
2024-05-16 05:22:09 -07:00
connman
connman: fix warning by specifying runstatedir at configure time
2023-07-01 08:37:25 -10:00
dhcpcd
dhcpcd: use git instead of tarballs
2023-05-30 04:11:15 -10:00
inetutils
inetutils: Backport fix for CVE-2023-40303
2023-09-08 16:09:41 -10:00
iproute2
iproute2: upgrade 5.16.0 -> 5.17.0
2022-03-29 15:59:29 +01:00
iw
iw: upgrade 5.9 -> 5.16
2021-11-10 19:27:28 +00:00
kea
kea: submit patch upstream
2022-11-24 15:30:01 +00:00
libnss-mdns
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
libpcap
libpcap: Disable DPDK explicitly
2022-02-12 17:05:35 +00:00
libuv
libuv: fix CVE-2024-24806
2024-02-28 03:32:09 -10:00
mobile-broadband-provider-info
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
2023-07-01 08:37:24 -10:00
neard
neard: Switch SRC_URI to git repo
2022-05-04 13:07:34 +01:00
nfs-utils
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
ofono
ofono: fix CVE-2023-2794
2024-08-16 08:09:14 -07:00
openssh
openssh: fix CVE-2024-6387
2024-07-09 06:06:09 -07:00
openssl
OpenSSL: Security fix for CVE-2024-5535
2024-07-09 06:06:09 -07:00
ppp
ppp: Add RSA-MD in LICENSE
2024-05-15 09:44:16 -07:00
ppp-dialin
Convert to new override syntax
2021-08-02 15:44:10 +01:00
resolvconf
resolvconf: make it work
2022-12-07 15:02:45 +00:00
socat
socat: upgrade 1.7.4.3 -> 1.7.4.4
2022-11-24 15:30:00 +00:00
ssh-pregen-hostkeys
ssh-pregen-hostkeys: Add a recipe with pregenerated ssh host keys
2020-09-23 20:54:04 +01:00
wpa-supplicant
wpa-supplicant: Patch CVE-2023-52160
2024-08-05 06:02:01 -07:00