code.ossystems Code Review - openembedded-core.git/commit
connman: fix CVE-2022-23096-7
author Steve Sakoman <steve@sakoman.com>
Mon, 7 Feb 2022 16:26:40 +0000 (06:26 -1000)
committer Steve Sakoman <steve@sakoman.com>
Wed, 9 Feb 2022 14:45:36 +0000 (04:45 -1000)
commit b8d925c1443c84500df74958aa2f75113b992453
tree 57903b62c1325009054734f41a950949773646ce
parent 6a0c9607656970c669ff12cdafd39f4fb7082f6c
connman: fix CVE-2022-23096-7

An issue was discovered in the DNS proxy in Connman through 1.40.
The TCP server reply implementation lacks a check for the presence
of sufficient Header Data, leading to an out-of-bounds read (CVE-2022-23096)

An issue was discovered in the DNS proxy in Connman through 1.40.
forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds
read (CVE-2022-23097)

Backport patch from:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950

CVE: CVE-2022-23096 CVE-2022-23097

Signed-off-by: Steve Sakoman
meta/recipes-connectivity/connman/connman/CVE-2022-23096-7.patch [new file with mode: 0644]
meta/recipes-connectivity/connman/connman_1.37.bb
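
The two classes of check named in the commit message (enough header data in a TCP reply, and a correctly bounded string-length search), as an added example that is neither ConnMan's code nor the backported patch. The function names, return conventions and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_PREFIX_LEN 2u  /* DNS over TCP: 2-byte big-endian length prefix */
#define DNS_HDR_LEN   12u  /* fixed DNS header size (RFC 1035) */

/* Return the DNS message length if buf holds the length prefix plus a full
 * header and the prefix agrees with what was received; -1 otherwise. */
static long tcp_reply_msg_len(const uint8_t *buf, size_t received)
{
    if (buf == NULL || received < TCP_PREFIX_LEN + DNS_HDR_LEN)
        return -1;                              /* header not fully present */
    size_t msg_len = ((size_t)buf[0] << 8) | buf[1];
    if (msg_len < DNS_HDR_LEN)                  /* prefix smaller than a header */
        return -1;
    if (msg_len > received - TCP_PREFIX_LEN)    /* prefix larger than the data */
        return -1;
    return (long)msg_len;
}

/* Length of the NUL-terminated string at msg[offset], searching only inside
 * the message. memchr is used as a portable stand-in for strnlen; the bound
 * is the point. Returns -1 if offset is out of range or no NUL is found. */
static long bounded_str_len(const uint8_t *msg, size_t msg_len, size_t offset)
{
    if (msg == NULL || offset >= msg_len)
        return -1;
    const uint8_t *nul = memchr(msg + offset, 0, msg_len - offset);
    return nul ? (long)(nul - (msg + offset)) : -1;
}

/* Constructed samples, not captured traffic. */
static const uint8_t sample_ok[] = { 0x00, 0x0c, 0x12, 0x34, 0x81, 0x80,
                                     0, 1, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_short[] = { 0x00, 0x0c, 0x12, 0x34, 0x81 };
static const uint8_t name_ok[] = { 'a', 'b', 0, 'x' };
static const uint8_t name_unterminated[] = { 'a', 'b', 'c' };

int main(void)
{
    printf("%ld %ld\n", tcp_reply_msg_len(sample_ok, sizeof sample_ok),
           tcp_reply_msg_len(sample_short, sizeof sample_short));
    printf("%ld %ld\n", bounded_str_len(name_ok, sizeof name_ok, 0),
           bounded_str_len(name_unterminated, sizeof name_unterminated, 0));
    return 0;
}
```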