Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-19945: Commits · openwrt/openwrt

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both “Transfer-Encoding: chunked” and a large negative Content-Length value.

CVE
Open in Source
#mac#linux#wifi

Commits on May 23, 2023

  1. ubnt-ledbar: add kernel 6.1 compat

    As of ed5c2f5fd10d (“i2c: Make remove callback return void”) return value of remove function is ignored.

    Signed-off-by: Tomasz Maciej Nowak [email protected]

  1. kernel: qca-ssdk: backport support for building as kernel module

    Currently, SSDK is rather special in the sense that its not being built as a proper out of tree module at all but rather like a userspace application and that involves a lot of make magic which unfortunately broke with make version 4.4 and newer.

    Luckily QCA finally added a way to build SSDK as an out of tree module and it uses the kernel buildsystem which makes it compile with make 4.4 as well. So lets backport the support for it and switch to using it.

    Signed-off-by: Robert Marko [email protected]

  1. prereq: SetupHostCommand: fix wrong check result
Tony has reported, that CI tools job is failing for him in macOS
container due to prereq check failure for GNU \`install\` utility.

Michael diagnosed it and from his traces it was clear, that the issue is
caused by a wrong return value in the success check case, so lets fix it
accordingly.

Fixes: f752040 ("prereq-build: allow host command symlinks to update")
Reported-by: Tony Ambardar <[email protected]>
Diagnosed-by: Michael Pratt <[email protected]>
Signed-off-by: Petr Štetiar <[email protected]>

ynezz committed

May 23, 2023
  1. mediatek: add driver for built-in 2.5G Ethernet PHY
Add driver for the built-in 2.5G Ethernet PHY found in the MT7988 SoC.
To function the PHY also needs firmware files which have not yet been
published via linux-firmware.

Signed-off-by: Daniel Golle <[email protected]>
  1. generic: mt7530: backport support for the MT7988 built-in switch
Backport commits adding support for the MT7988 built-in switch to the
mt7530 driver.

This change results in the Kconfig symbol NET\_DSA\_MT7530 to be extended
by NET\_DSA\_MT7530\_MDIO (everything formally covered by NET\_DSA\_MT7530)
and NET\_DSA\_MT7530\_MMIO (a new driver for the MMIO-connected built-in
switch of the MT7988 SoC).

Select NET\_DSA\_MT7530\_MDIO for all targets previously selecting
NET\_DSA\_MT7530, with the exception of mediatek/filogic which also
selects NET\_DSA\_MT7530\_MMIO.

Signed-off-by: Daniel Golle <[email protected]>
  1. generic: add support for MediaTek NETSYS v3
In order to support Ethernet on the MT7988 SoC add support for NETSYS v3
as well as new paths and USXGMII SerDes to the mtk\_eth\_soc driver.

Signed-off-by: Daniel Golle <[email protected]>
  1. mediatek: add mt7988 pinctrl driver support
This adds provisional pinctrl driver support for the MediaTek MT7988 SoC.

Signed-off-by: Sam Shih <[email protected]>
Signed-off-by: Daniel Golle <[email protected]>
  1. kernel: sort generic configuration
This was done by executing these commands:

$ ./scripts/kconfig.pl '+' target/linux/generic/config-5.15 /dev/null > target/linux/generic/config-5.15-new
$ mv target/linux/generic/config-5.15-new target/linux/generic/config-5.15

$ ./scripts/kconfig.pl '+' target/linux/generic/config-6.1 /dev/null > target/linux/generic/config-6.1-new
$ mv target/linux/generic/config-6.1-new target/linux/generic/config-6.1

Signed-off-by: Aleksander Jan Bajkowski <[email protected]>
  1. mac80211: backport merged version of A-MSDU mesh patch
Kernel 6.1 now has fortify\_memcpy\_chk() and it is causing the following
warning while trying to compile backports:
  CC \[M\]  /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/net/wireless/util.o
In file included from ./include/linux/string.h:253,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/backport-include/linux/string.h:3,
                 from ./include/linux/bitmap.h:11,
                 from ./include/linux/cpumask.h:12,
                 from ./include/linux/smp.h:13,
                 from ./arch/arm64/include/asm/arch\_timer.h:18,
                 from ./arch/arm64/include/asm/timex.h:8,
                 from ./include/linux/timex.h:67,
                 from ./include/linux/time32.h:13,
                 from ./include/linux/time.h:60,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/backport-include/linux/time.h:3,
                 from ./include/linux/skbuff.h:15,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/backport-include/linux/skbuff.h:3,
                 from ./include/linux/if\_ether.h:19,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/backport-include/linux/if\_ether.h:3,
                 from ./include/linux/etherdevice.h:20,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/backport-include/linux/etherdevice.h:3,
                 from /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/net/wireless/util.c:12:
In function 'fortify\_memcpy\_chk',
    inlined from 'ieee80211\_strip\_8023\_mesh\_hdr' at /home/robimarko/Building/AX3600/ipq807x-5.15/build\_dir/target-aarch64\_cortex-a53\_musl/linux-ipq807x\_generic/backports-6.1.24/net/wireless/util.c:590:3:
./include/linux/fortify-string.h:404:25: error: call to '\_\_write\_overflow\_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct\_group()? \[-Werror=attribute-warning\]
  404 |                         \_\_write\_overflow\_field(p\_size\_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

This issue was fixed in the final version of
("wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces") that was
merged upstream but we have a older version that is using:
memcpy(&payload.eth.h\_dest, mesh\_addr, 2 \* ETH\_ALEN);
instead of:
memcpy(&payload.eth, mesh\_addr, 2 \* ETH\_ALEN);

So, lets just backport the merged version of patch to fix the issue.

Signed-off-by: Robert Marko <[email protected]>

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE