meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-05-21 01:07:13 +00:00

Go to file

Li Wang aeae0a34cf apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641

CVE-2020-13950:
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be
made to crash (NULL pointer dereference) with specially crafted
requests using both Content-Length and Transfer-Encoding headers,
leading to a Denial of Service

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-13950

Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
8c162db8b6

CVE-2020-35452:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Digest nonce can cause a stack overflow in
mod_auth_digest. There is no report of this overflow
being exploitable, nor the Apache HTTP Server team could
create one, though some particular compiler and/or
compilation option might make it possible, with limited
consequences anyway due to the size (a single byte) and
the value (zero byte) of the overflow

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-35452

Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2020-35452
3b6431eb9c

CVE-2021-26690:
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially
crafted Cookie header handled by mod_session can cause
a NULL pointer dereference and crash, leading to a
possible Denial Of Service

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26690

Upstream patches:
https://security-tracker.debian.org/tracker/CVE-2021-26690
67bd9bfe6c

CVE-2021-26691:
In Apache HTTP Server versions 2.4.0 to 2.4.46 a
specially crafted SessionHeader sent by an origin server
could cause a heap overflow

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-26691

Upstream patches:
https://bugzilla.redhat.com/show_bug.cgi?id=1966732
7e09dd714f

CVE-2021-30641:
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected
matching behavior with 'MergeSlashes OFF'

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30641

Upstream patches:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
6141d5aa3f

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 70b1aa0a4cd4bfd08b6c8d36a76f9b7cf20d61a6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2021-07-10 21:15:33 -07:00

contrib

tesseract: upgrade to 3.04

2016-10-21 18:20:43 +02:00

meta-filesystems

fuse: Whitelisted CVE-2019-14860

2021-05-14 10:03:51 -07:00

meta-gnome

gedit: Inherit python3targetconfig

2021-02-19 07:17:12 -08:00

meta-initramfs

ubi-utils-klibc: Remove trailing slash from S

2020-11-09 18:56:22 -08:00

meta-multimedia

libupnp: Fix CVE-2020-13848

2021-04-23 19:13:09 -07:00

meta-networking

dovecot: add CVE-2016-4983 to allowlist

2021-07-06 07:50:13 -07:00

meta-oe

nss: Fix build on Centos 7

2021-06-06 20:42:32 -07:00

meta-perl

libnet-dns-perl: upgrade 1.23 -> 1.24

2020-06-12 09:32:24 -07:00

meta-python

python3-django: upgrade 2.2.23 -> 2.2.24

2021-07-05 15:25:06 -07:00

meta-webserver

apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641

2021-07-10 21:15:33 -07:00

meta-xfce

thunar: upgrade 1.8.14 -> 1.8.15

2020-05-28 21:50:13 -07:00

.gitignore

.gitignore: add *.pyc and *.pyo

2019-06-15 16:45:33 -07:00

COPYING.MIT

add README and license for this layer

2011-02-13 16:47:32 +01:00

README

README: updated Maintainers list for Dunfell

2020-05-05 16:47:34 -07:00

README

Collection of layers for the OE-core universe

dunfell maintainer: Armin Kuster  <akuster808@gmail.com>

This repository is a collection of layers to suppliment OE-Core
with additional packages, Each layer have designated maintainer
Please see the respective READMEs in the layer subdirectories

Languages

BitBake 85%

Shell 6.2%

C 3%

Roff 2.1%

NASL 1.9%

Other 1.6%