* [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916 @ 2023-06-15 10:06 Archana Polampalli 2023-06-15 10:47 ` Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) 0 siblings, 1 reply; 8+ messages in thread From: Archana Polampalli @ 2023-06-15 10:06 UTC (permalink / raw) To: openembedded-devel; +Cc: Hari.GPillai Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2022-41916 Upstream patches: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- .../samba/samba/CVE-2022-41916.patch | 41 +++++++++++++++++++ .../samba/samba_4.14.14.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch new file mode 100644 index 000000000..055e4060e --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch 
@@ -0,0 +1,41 @@ +From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@secure-endpoints.com> +Date: Wed, 17 Nov 2021 20:00:29 -0500 +Subject: [PATCH] lib/wind: find_normalize read past end of array + +find_normalize() can under some circumstances read one element +beyond the input array. The contents are discarded immediately +without further use. + +This change prevents the unintended read. + +(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e) + +Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e + +Upstream-Status: Backport +CVE: CVE-2022-41916 + +Reference to upstream patch: +https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/wind/normalize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c +index 20e8a4a04b..8f3991d10e 100644 +--- a/lib/wind/normalize.c ++++ b/lib/wind/normalize.c +@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, unsigned in_len) + unsigned i; + + if (n % 5 == 0) { +- cur = *in++; + if (in_len-- == 0) + return c->val; ++ cur = *in++; + } + + i = cur >> 16; diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb index cc07d51dc..fcec63752 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb @@ -31,6 +31,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \ file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \ file://CVE-2022-45142.patch;patchdir=source4/heimdal \ + file://CVE-2022-41916.patch;patchdir=source4/heimdal \ " SRC_URI:append:libc-musl = " \ -- 2.40.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
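Review bot: The header of the added CVE-2022-41916.patch names find_normalize() in its subject and message, while the hunk header at `@@ -227,9 +227,9 @@` places the change in find_composition(), and nothing in the header connects this lib/wind read to the libhx509/PKINIT denial of service that the cover text cites for CVE-2022-41916. The upstream message is kept verbatim, so I would add one OE-side line next to `CVE: CVE-2022-41916` saying how this lib/wind change relates to that advisory, so that a later reviewer can confirm the tag sits on the right fix. The reordering itself reads correctly: `cur = *in++;` now runs only after `if (in_len-- == 0) return c->val;`, so the element is no longer read when no input remains.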
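Review bot: The new SRC_URI entry in samba_4.14.14.bb applies an upstream Heimdal commit under `patchdir=source4/heimdal`, and the embedded diff still carries upstream's `index 20e8a4a04b..8f3991d10e` and the line offset 227. Please confirm that it applies to the copy of lib/wind/normalize.c bundled with Samba 4.14.14 without fuzz or offset, and refresh the patch against the recipe source if it does not.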
* RE: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) @ 2023-06-15 10:47 UTC
To: archana.polampalli@windriver.com, openembedded-devel@lists.openembedded.org
Cc: Hari.GPillai@windriver.com

Hi Hari,

Regarding format only, nothing specific to review of fix.

I saw many developers have contributed to samba package fixes.
It would be great if we can keep a common format inside the .patch file, as follows.

----------------------------------------------
CVE: CVE-2022-41916
Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d18]

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
----------------------------------------------

Thanks,
Sanjay
* Re: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: Polampalli, Archana @ 2023-06-15 11:10 UTC
To: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco), openembedded-devel@lists.openembedded.org
Cc: G Pillai, Hari

Hi Sanjay,

Thank you for your review comment on patch format.
Shall I send V2 with updated format?

Regards,
Archana
* Re: [meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: DC @ 2023-06-15 12:01 UTC
To: openembedded-devel

Hi Archana,

Thank you for the patch. I personally don't see the need to send a v2. All your previous patches are submitted in the same format as this one and there has not been any issue. So, there is no need to change the format as long as your format matches the guidelines.

If there are any changes needed in format or if there is anything that needs to be corrected, maintainers will give you feedback on anything which they feel is not in accordance with the guidelines.

Thank you for continuous work on the Fixes.

Regards,
DC
* RE: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: Sanjaykumar kantibhai Chitroda -X (schitrod - E-INFO CHIPS INC at Cisco) @ 2023-06-15 16:12 UTC
To: Polampalli, Archana, openembedded-devel@lists.openembedded.org
Cc: G Pillai, Hari

Hi Archana,

As I mentioned, it will be advisable and good if we can make a standard format.
We don't have a strict guideline for this, but we always recommend following this, specifically for CVE patches.

We would appreciate it if you can consider this point and share the updated patchset.

Thanks,
Sanjay
* Re: [meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: DC @ 2023-06-15 16:55 UTC
To: openembedded-devel

Hi Sanjay,

Thank you for your intention to help, but I feel the patch is fine and follows all the guidelines, and even Khem or Armin will have the same opinion.

I would request you to let maintainers provide feedback if there are any corrections needed on any patchset submitted. Everyone giving feedback would make the platform a bit messy.

And rest assured, if there are any mistakes, the maintainers would point them out.

Thanks,
DC
* Re: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: Martin Jansa @ 2023-06-15 17:20 UTC
To: schitrod
Cc: archana.polampalli@windriver.com, openembedded-devel@lists.openembedded.org, Hari.GPillai@windriver.com

FWIW:

I do agree that a link to the upstream patch does belong to Upstream-Status as:
"Upstream-Status: Backport [link]"

When there are many Backported changes I also prefer to add in which tag they were first included as e.g.
"Upstream-Status: Backport [v1.1 link]"
to make it more clear which patches are expected to be dropped when upgrading past 1.1 version.

And I think it's better than in separate lines used in the .patch:
Reference to upstream patch:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

So I think Sanjay's recommendation is a useful one for future patches.

Regards,
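The header convention discussed in this thread, as an added example (not part of any message here and not OpenEmbedded tooling): a small Python check, with hypothetical function names, run over an abridged copy of the header as posted and over the form Sanjay proposed. Requiring a URL inside the brackets is this example's assumption, following the preference stated in the thread.

```python
import re

TAG_RE = re.compile(r"^(CVE|Upstream-Status|Signed-off-by):\s*(.*)$")
STATUS_RE = re.compile(r"^(?P<status>[A-Za-z-]+)(?:\s*\[(?P<detail>[^\]]*)\])?$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
URL_RE = re.compile(r"https?://\S+")

# Constructed samples, retyped from the thread ('+' diff prefixes removed, abridged).
AS_POSTED = """\
From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001
Subject: [PATCH] lib/wind: find_normalize read past end of array

Upstream-Status: Backport
CVE: CVE-2022-41916

Reference to upstream patch:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 lib/wind/normalize.c | 2 +-
"""

PROPOSED = """\
CVE: CVE-2022-41916
Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d18]

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
"""


def header_tags(patch_text):
    """Collect tag values from the lines above the first '---' or 'diff --git'."""
    tags = {}
    for line in patch_text.splitlines():
        if line.strip() == "---" or line.startswith("diff --git"):
            break
        m = TAG_RE.match(line.strip())
        if m:
            tags.setdefault(m.group(1), []).append(m.group(2).strip())
    return tags


def lint_patch_header(patch_text):
    """Return a list of findings; an empty list means the header passes."""
    tags = header_tags(patch_text)
    findings = []
    cves = [c for value in tags.get("CVE", []) for c in value.split()]
    if not cves:
        findings.append("missing CVE: tag")
    findings += [f"malformed CVE id: {c}" for c in cves if not CVE_RE.match(c)]
    statuses = tags.get("Upstream-Status", [])
    if len(statuses) != 1:
        findings.append(f"expected 1 Upstream-Status: line, found {len(statuses)}")
    for value in statuses:
        m = STATUS_RE.match(value)
        if not m:
            findings.append(f"unparseable Upstream-Status: {value}")
        elif m.group("status") == "Backport":
            detail = m.group("detail")
            if detail is None:
                findings.append("Backport has no [link]")
            elif not URL_RE.search(detail):
                # Assumption of this example: the brackets must contain a URL.
                findings.append(f"Backport reference is not a URL: [{detail}]")
    if not tags.get("Signed-off-by"):
        findings.append("missing Signed-off-by: tag")
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("proposed", PROPOSED)):
        print(name, "->", lint_patch_header(text) or "ok")
```

The form Martin mentions, `Backport [v1.1 link]`, also passes once `link` is an actual URL, because the check only looks for a URL somewhere inside the brackets.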
* Re: [oe][meta-networking][kirkstone][PATCH 1/1] samba: fix CVE-2022-41916
From: Polampalli, Archana @ 2023-06-15 17:24 UTC
To: Martin Jansa, schitrod@cisco.com
Cc: openembedded-devel@lists.openembedded.org, G Pillai, Hari

Thank You, I will send V2.

Regards,
Archana