aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/dstat/dstat_0.7.4.bb
diff options
context:
space:
mode:
authorYi Zhao <yi.zhao@windriver.com>2021-09-06 14:32:53 +0800
committerArmin Kuster <akuster@mvista.com>2021-09-10 13:23:06 -0700
commit06d80777f47891ec876b55212790deb5fef9116e (patch)
tree52c29f0f9737d5c9490c5fdebc32e27ad4881cf2 /meta-oe/recipes-support/dstat/dstat_0.7.4.bb
parent892b724cd147de92dd806235e22c15516931ea64 (diff)
downloadmeta-openembedded-06d80777f47891ec876b55212790deb5fef9116e.tar.gz
meta-openembedded-06d80777f47891ec876b55212790deb5fef9116e.tar.bz2
meta-openembedded-06d80777f47891ec876b55212790deb5fef9116e.zip
krb5: fix CVE-2021-36222
Source: https://git.openembedded.org/meta-openembedded MR: 112165 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-connectivity/krb5?id=69087d69d01a4530e2d588036fcbeaf8856b2ff1 ChangeID: e7cdfd1c4530312b4773103cf58d322451af1421 Description: CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. References: https://nvd.nist.gov/vuln/detail/CVE-2021-36222 Patches from: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 620badcbf8a59fbd2cdda6ab01c4ffba1c3ee327) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 523f6d834d2fddb0ecc73c6d7d8b1845f65f5279) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta-oe/recipes-support/dstat/dstat_0.7.4.bb')
0 files changed, 0 insertions, 0 deletions