Recommended
Released:
Feb 8, 2023 Updated: Aug 31, 2023
Wind River Security Vulnerability Notice: Hot fix of 24 CVE issues for LTS23 GA release
Wind River Linux LTS 23
The release of WRLinux LTS23 GA is imminent, and 24 recently published CVE issues have missed this release.
Here we will fix all these CVE through hotpatch, they will be included into later releases.
CVE list:
- bind - CVE-2023-2828
- bind - CVE-2023-2911
- frr - CVE-2023-41358
- frr - CVE-2023-41360
- hwloc - CVE-2022-47022
- inetutils - CVE-2023-40303
- iperf3 - CVE-2023-3840
- iperf3 - CVE-2023-38403
- ncurses - CVE-2023-29491
- nodejs - CVE-2022-25883
- nodejs - CVE-2023-30581
- nodejs - CVE-2023-30585
- nodejs - CVE-2023-30588
- nodejs - CVE-2023-30589
- nodejs - CVE-2023-30590
- nodejs - CVE-2023-32002
- nodejs - CVE-2023-32006
- nodejs - CVE-2023-32559
- openssh - CVE-2023-38408
- php - CVE-2023-3824
- python3-git - CVE-2023-40267
- redis - CVE-2022-24834
- redis - CVE-2023-36824
- vim - CVE-2023-3896
Hot patch
Two hot patches for layer "oe-core" and "meta-openembedded".
$ cd layers/meta-openembedded/
$ tar xzvf /path/to/0001-meta-openembedded.tar.gz
$ git am /path/to/0001-meta-openembedded/*.patch
$ cd layers/oe-core
$ tar xzvf /path/to/0009-oe-core.tar.gz
$ git am /path/to/0009-oe-core/*.patch