diff options
| author |   Yogita Urade <yogita.urade@windriver.com> | 2023-09-06 16:25:54 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2023-09-07 03:20:27 -1000 |
| commit | 38709b0d35e7bd6760285bfa926dc85985c5cdcd (patch) | |
| tree | 17c653a213ae17afc9c1b607490ede914e95e9d1 /meta/recipes-core/dropbear/dropbear.inc | |
| parent | ebb224e65a7e1402ccf0d9517bd72748c18e012e (diff) | |
| download | openembedded-core-contrib-38709b0d35e7bd6760285bfa926dc85985c5cdcd.tar.gz | |
dropbear: fix CVE-2023-36328
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear.inc')
| -rw-r--r-- | meta/recipes-core/dropbear/dropbear.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index f3f085b616..e61930f7db 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -29,6 +29,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ file://CVE-2021-36369.patch \ + file://CVE-2023-36328.patch \ " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ |