diff options
| author | Ross Burton <ross.burton@arm.com> | 2025-11-03 14:21:46 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-11-06 15:09:32 +0000 |
| commit | 1db7c5487bb9c20b40efef7c31d2a0ec31620d0d (patch) | |
| tree | 63a777f7f1107cb5ec06da015e65783962048e68 /meta-extras/packages/python/python-urlgrabber/git@git.enea.com:linux | |
| parent | 310183b813dea5898aff8d425b5d5c5063af354a (diff) | |
| download | poky-1db7c5487bb9c20b40efef7c31d2a0ec31620d0d.tar.gz | |
kea: fix CVE-2025-11232
Backport a patch from upstream to resolve CVE-2025-11232:
Invalid characters cause assert
To trigger the issue, three configuration parameters must have
specific settings: "hostname-char-set" must be left at the default
setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must
be empty (the default); and "ddns-qualifying-suffix" must NOT be empty
(the default is empty). DDNS updates do not need to be enabled for
this issue to manifest. A client that sends certain option content
would then cause kea-dhcp4 to exit unexpectedly.
(From OE-Core rev: f9331b42fd8b0df64517969a794a93d41624bd96)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta-extras/packages/python/python-urlgrabber/git@git.enea.com:linux')
0 files changed, 0 insertions, 0 deletions