Wind River Support Network

HomeSafety and Security NoticesWind River Security Vulnerability Notice: Hot fix of 24 CVE issues for LTS23 GA release

Recommended

Wind River Security Vulnerability Notice: Hot fix of 24 CVE issues for LTS23 GA release

Released: Feb 8, 2023 Updated: Aug 31, 2023

Summary

Wind River Security Vulnerability Notice: Hot fix of 24 CVE issues for LTS23 GA release

Affected Product Versions

Wind River Linux LTS 23

Downloads

Hotfix for layer meta-openembedded

Hotfix for layer oe-core

Description

The release of WRLinux LTS23 GA is imminent, and 24 recently published CVE issues have missed this release.

Here we will fix all these CVE through hotpatch, they will be included into later releases.

CVE list:

- bind - CVE-2023-2828
- bind - CVE-2023-2911
- frr - CVE-2023-41358
- frr - CVE-2023-41360
- hwloc - CVE-2022-47022
- inetutils - CVE-2023-40303
- iperf3 - CVE-2023-3840
- iperf3 - CVE-2023-38403
- ncurses - CVE-2023-29491
- nodejs - CVE-2022-25883
- nodejs - CVE-2023-30581
- nodejs - CVE-2023-30585
- nodejs - CVE-2023-30588
- nodejs - CVE-2023-30589
- nodejs - CVE-2023-30590
- nodejs - CVE-2023-32002
- nodejs - CVE-2023-32006
- nodejs - CVE-2023-32559
- openssh - CVE-2023-38408
- php - CVE-2023-3824
- python3-git - CVE-2023-40267
- redis - CVE-2022-24834
- redis - CVE-2023-36824
- vim - CVE-2023-3896

Hot patch

Two hot patches for layer "oe-core" and "meta-openembedded".

Changelog

8/31/2023: Initial

Installation Notes

$ cd layers/meta-openembedded/
$ tar xzvf /path/to/0001-meta-openembedded.tar.gz
$ git am /path/to/0001-meta-openembedded/*.patch

$ cd layers/oe-core
$ tar xzvf /path/to/0009-oe-core.tar.gz
$ git am /path/to/0009-oe-core/*.patch