MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-08-22 00:42:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
yocto-4.0.28
poky/meta/recipes-connectivity/connman
History
Praveen Kumar 23a8405509 connman :fix CVE-2025-32366 
In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length
that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen)
and memcpy(response+offset,*end,*rdlen) without a check for whether
the sum of *end and *rdlen exceeds max. Consequently, *rdlen may be
larger than the amount of remaining packet data in the current state
of parsing. Values of stack memory locations may be sent over the
network in a response.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32366

Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4

(From OE-Core rev: 1b9156124b4a07e0e3e0ab09e87d654eae6c7b4e)

Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
..
connman connman :fix CVE-2025-32366 2025-05-28 08:46:32 -07:00
connman-conf connman-conf: ignore eth0 in qemu in a way that is not sysvinit-specific 2022-04-08 17:49:58 +01:00
connman-gnome Revert "connman-gnome: StatusIcon adapts to size changes" 2016-10-05 10:10:11 +01:00
connman_1.41.bb connman :fix CVE-2025-32366 2025-05-28 08:46:32 -07:00
connman-conf.bb connman-conf: ignore eth0 in qemu in a way that is not sysvinit-specific 2022-04-08 17:49:58 +01:00
connman-gnome_0.7.bb meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers 2022-02-20 16:45:25 +00:00
connman.inc connman: fix warning by specifying runstatedir at configure time 2023-07-01 08:37:25 -10:00