author | Meenali Gupta <meenali.gupta@windriver.com> | 2024-03-17 15:47:25 +0000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-03-18 06:13:57 -1000 |
commit | aa20dd9eb68f04a5f1556123ad1b2398de911d93 (patch) | |
tree | 0d01e81c32d12be4eb38cc5e7402b0bd34e2452f /meta/recipes-core/expat/expat/CVE-2023-52426-003.patch | |
parent | c02175e97348836429cecbfad15d89be040bbd92 (diff) | |
download | openembedded-core-aa20dd9eb68f04a5f1556123ad1b2398de911d93.tar.gz |
expat: fix CVE-2023-52426
A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time, a
recursive XML Entity Expansion condition can be triggered. This issue may lead to
a condition where data is expanded exponentially, which will quickly consume system
resources and cause a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52426
https://github.com/libexpat/libexpat/pull/777
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/expat/expat/CVE-2023-52426-003.patch')
-rw-r--r-- | meta/recipes-core/expat/expat/CVE-2023-52426-003.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch b/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch new file mode 100644 index 0000000000..96a62dcffc --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2023-52426-003.patch @@ -0,0 +1,28 @@ +From ed87a4793404e91c0cc0c81435fcfcc64a8be9f4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Thu, 26 Oct 2023 00:45:23 +0200 +Subject: [PATCH] configure.ac: Define macro XML_GE as 1 + +CVE: CVE-2023-52426 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ed87a4793404e91c0cc0c81435fcfcc64a8be9f4] + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + configure.ac | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.ac b/configure.ac +index d3642de..153bb8e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -295,6 +295,8 @@ AC_SUBST(FILEMAP) + dnl Some basic configuration: + AC_DEFINE([XML_NS], 1, + [Define to make XML Namespaces functionality available.]) ++AC_DEFINE([XML_GE], 1, ++ [Define as 1/0 to enable/disable support for general entities.]) + AC_DEFINE([XML_DTD], 1, + [Define to make parameter entity parsing functionality available.]) + AC_DEFINE([XML_DEV_URANDOM], 1, +-- +2.40.0 |
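Review bot: The added `AC_DEFINE([XML_GE], 1,` in the configure.ac hunk fixes the value at 1 while its description says "Define as 1/0 to enable/disable support for general entities", so nothing visible here lets a build select 0; since this is a backport, a one-line remark in the patch header that the value is fixed for autotools builds would be enough. This patch touches only configure.ac (2 insertions) and is numbered -003, so on its own it defines a macro and changes no parser code; the commit message should name the companion patches that consume XML_GE and confirm they are listed in the recipe's SRC_URI, because the diffstat shown is limited to this one file. The unchanged context also defines XML_DTD as 1 unconditionally, whereas the commit message describes the flaw as occurring when XML_DTD is undefined, so it is worth stating which build configuration of this recipe is actually affected.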