package/ofono: security bump to v2.18
This fixes the following vulnerabilities:
- CVE-2023-2794:
A flaw was found in ofono, an Open Source Telephony on Linux. A stack
overflow bug is triggered within the decode_deliver() function during
the SMS decoding. It is assumed that the attack scenario is accessible
from a compromised modem, a malicious base station, or just SMS. There
is a bound check for this memcpy length in decode_submit(), but it was
forgotten in decode_deliver().
https://www.cve.org/CVERecord?id=CVE-2023-2794
- CVE-2024-7537:
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the processing of SMS message lists. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated buffer.
An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of root. Was
ZDI-CAN-23157.
https://www.cve.org/CVERecord?id=CVE-2024-7537
- CVE-2024-7539:
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
This vulnerability allows local attackers to execute arbitrary code on
affected installations of oFono. An attacker must first obtain the
ability to execute code on the target modem in order to exploit this
vulnerability. The specific flaw exists within the parsing of
responses from AT+CUSD commands. The issue results from the lack of
proper validation of the length of user-supplied data prior to copying
it to a stack-based buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was ZDI-
CAN-23195.
https://www.cve.org/CVERecord?id=CVE-2024-7539
- CVE-2024-7540:
oFono AT CMGL Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGL commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23307.
https://www.cve.org/CVERecord?id=CVE-2024-7540
- CVE-2024-7541:
oFono AT CMT Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMT commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23308.
https://www.cve.org/CVERecord?id=CVE-2024-7541
- CVE-2024-7542:
oFono AT CMGR Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGR commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23309.
https://www.cve.org/CVERecord?id=CVE-2024-7542
Also drop local patch that is no longer applicable, since upstream now
relies on HAS_BACKTRACE as well.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
[Julien: remove .checkpackageignore entry to fix check-package error]
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit is contained in:
Titouan Christophe
committed by
Julien Olivain
Julien Olivain
parent
5927f9778f
commit
611a795cfc
@@ -861,7 +861,6 @@ package/ntpsec/0001-wscript-remove-checks-for-bsd-string.h-fixes-host-co.patch l
|
||||
package/nuttcp/0001-susv3-legacy.patch lib_patch.Upstream
|
||||
package/nvidia-driver/0001-use-LDFLAGS.patch lib_patch.Upstream
|
||||
package/octave/0001-Fix-BLAS-library-integer-size-detection.patch lib_patch.Upstream
|
||||
package/ofono/0001-uclibc-backtrace.patch lib_patch.Upstream
|
||||
package/ofono/S46ofono lib_sysv.Variables
|
||||
package/ola/0001-ola-fix-compilation-with-musl-1-2-3.patch lib_patch.Upstream
|
||||
package/olsr/0001-olsrd-migrate-to-using-bison-3.7.1.patch lib_patch.Upstream
|
||||
|
||||
@@ -1,49 +0,0 @@
|
||||
[PATCH] fix build on uClibc without UCLIBC_HAS_BACKTRACE
|
||||
|
||||
Backtrace support is only used for logging on signal errors, which
|
||||
isn't really critical, so simply remove backtrace info if not
|
||||
available in uClibc.
|
||||
|
||||
NOTE: based on patch from Peter Korsgaard <jacmet@sunsite.dk>
|
||||
|
||||
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
|
||||
---
|
||||
--- ofono-1.7.orig/src/log.c
|
||||
+++ ofono-1.7/src/log.c
|
||||
@@ -30,7 +30,8 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
-#ifdef __GLIBC__
|
||||
+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined (__UCLIBC_HAS_BACKTRACE__))
|
||||
+#define HAVE_BACKTRACE
|
||||
#include <execinfo.h>
|
||||
#endif
|
||||
#include <dlfcn.h>
|
||||
@@ -115,7 +116,7 @@
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
-#ifdef __GLIBC__
|
||||
+#ifdef HAVE_BACKTRACE
|
||||
static void print_backtrace(unsigned int offset)
|
||||
{
|
||||
void *frames[99];
|
||||
@@ -312,7 +313,7 @@
|
||||
if (detach == FALSE)
|
||||
option |= LOG_PERROR;
|
||||
|
||||
-#ifdef __GLIBC__
|
||||
+#ifdef HAVE_BACKTRACE
|
||||
signal_setup(signal_handler);
|
||||
#endif
|
||||
|
||||
@@ -329,7 +330,7 @@
|
||||
|
||||
closelog();
|
||||
|
||||
-#ifdef __GLIBC__
|
||||
+#ifdef HAVE_BACKTRACE
|
||||
signal_setup(SIG_DFL);
|
||||
#endif
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# From https://www.kernel.org/pub/linux/network/ofono/sha256sums.asc
|
||||
sha256 5e13121c0f885a81ad882db065549ea13477abbcc219f150b38a8d2ac92521de ofono-2.2.tar.xz
|
||||
sha256 f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00 ofono-2.18.tar.xz
|
||||
# Locally computed
|
||||
sha256 e6d6a009505e345fe949e1310334fcb0747f28dae2856759de102ab66b722cb4 COPYING
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
OFONO_VERSION = 2.2
|
||||
OFONO_VERSION = 2.18
|
||||
OFONO_SOURCE = ofono-$(OFONO_VERSION).tar.xz
|
||||
OFONO_SITE = $(BR2_KERNEL_MIRROR)/linux/network/ofono
|
||||
OFONO_LICENSE = GPL-2.0
|
||||
|
||||
Reference in New Issue
Block a user