path: root/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
author: Polampalli, Archana A <archana.polampalli@windriver.com> 2023-06-16 12:18:34 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-06-17 14:21:38 -0400
commit: 9d203efe8f01fa7d433a52ae1098cb27ede07119
tree: bc6db03a2ead95960d7c347e33e37fc0525d6991 /meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
parent: 25dcf4d65b7d84ba24d0090d6283801ecae16546
samba: fix CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-3437

Upstream patches:
https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3
https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49
https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd
https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d
https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d
https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba_4.14.14.bb')
-rw-r--r-- meta-networking/recipes-connectivity/samba/samba_4.14.14.bb 8
1 files changed, 8 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
index 53526a26b6..39ba851942 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
@@ -22,6 +22,14 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
file://0005-samba-build-dnsserver_common-code.patch \
file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \
file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \
+ file://CVE-2022-3437-0001.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0002.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0003.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0004.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0005.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \
+ file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \
"
SRC_URI:append:libc-musl = " \
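Review bot: the eight added SRC_URI entries, CVE-2022-3437-0001.patch through CVE-2022-3437-0008.patch, are not tied to the eight upstream Heimdal commits listed in the commit message, so a reader cannot tell which file backports which commit or whether the file numbering follows the order of that list. Suggest stating the mapping in the commit message, for example one line per patch file with its upstream commit URL; the patch files themselves are outside this file-limited view, so if their headers already record the upstream commit, saying so in the message is enough. Every entry also repeats patchdir=source4/heimdal; a one-line comment above the group noting that these patches apply inside the bundled Heimdal tree would explain why they differ from the entries above them, which set no patchdir.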