mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-03 13:59:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa673e1427e7c31d1c3e0ed35abffb09233bff0a
poky/meta
History
Rodolfo Quesada Zumbado aa673e1427 tar: CVE-2022-48303 
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303

Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8

(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)

(From OE-Core rev: af77a413db59863a898c32dc7536b680473ae9c5)

Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a00f15354)

Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-03-14 14:59:10 +00:00
..
classes
libc-locale: Fix on target locale generation
2023-02-24 16:41:42 +00:00
conf
maintainers: update gcc version to 9.5
2022-12-07 15:06:37 +00:00
files
sdk: fix search for dynamic loader
2022-02-23 23:43:42 +00:00
lib
oeqa context.py: fix --target-ip comment to include ssh port number
2023-02-24 16:41:42 +00:00
recipes-bsp
grub2: Fix CVE-2022-2601 & CVE-2022-3775
2023-01-13 18:11:19 +00:00
recipes-connectivity
bluez5: Exclude CVE-2022-39177 from cve-check
2023-03-14 14:59:10 +00:00
recipes-core
glibc: Security fix for CVE-2023-0687
2023-03-14 14:59:10 +00:00
recipes-devtools
git: Security fix for CVE-2022-41903
2023-03-14 14:59:10 +00:00
recipes-extended
tar: CVE-2022-48303
2023-03-14 14:59:10 +00:00
recipes-gnome
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
2022-08-18 17:52:23 +01:00
recipes-graphics
libsdl2: Add fix for CVE-2022-4743
2023-02-13 07:44:09 +00:00
recipes-kernel
make-mod-scripts: Ensure kernel build output is deterministic
2023-02-24 16:41:42 +00:00
recipes-multimedia
tiff: fix multiple CVEs
2023-03-14 14:59:10 +00:00
recipes-rt
rt-tests: set branch name in SRC_URI
2021-09-10 16:21:36 +01:00
recipes-sato
puzzles: Upstream changed to main branch for development
2022-03-02 00:21:36 +00:00
recipes-support
curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response
2023-03-14 14:59:10 +00:00
site
site: Make sys_siglist default to no
2020-10-06 14:15:21 +01:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00