diff options
author | Yogita Urade <yogita.urade@windriver.com> | 2023-09-08 14:01:15 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-09 22:13:24 +0100 |
commit | aa392840d625f5c45832e7ddf60c4dfaba3c4287 (patch) | |
tree | 724b1235b2e603e8b4657c90cbf6ec6eb1d02268 /meta/recipes-core/dropbear/dropbear_2022.83.bb | |
parent | 1a209ef31165049c450018c7722013aa4d983fd8 (diff) | |
download | openembedded-core-aa392840d625f5c45832e7ddf60c4dfaba3c4287.tar.gz |
dropbear: fix CVE-2023-36328
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear_2022.83.bb')
-rw-r--r-- | meta/recipes-core/dropbear/dropbear_2022.83.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb index 0c7a8f4caa..12ac732f58 100644 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb @@ -21,6 +21,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://dropbear.default \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + file://CVE-2023-36328.patch \ " SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b" |