git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
kea: fix CVE-2025-11232
author Ross Burton <ross.burton@arm.com>
Mon, 3 Nov 2025 14:21:46 +0000 (14:21 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 6 Nov 2025 15:09:29 +0000 (15:09 +0000)
commit f9331b42fd8b0df64517969a794a93d41624bd96
tree ba40a585233c936564472ca0cacccd6e6a6fe197
parent a15e1ac27bc1ec9465c91d5c78a0e563ce76ebe4

Backport a patch from upstream to resolve CVE-2025-11232:

  Invalid characters cause assert

  To trigger the issue, three configuration parameters must have
  specific settings: "hostname-char-set" must be left at the default
  setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must
  be empty (the default); and "ddns-qualifying-suffix" must NOT be empty
  (the default is empty). DDNS updates do not need to be enabled for
  this issue to manifest. A client that sends certain option content
  would then cause kea-dhcp4 to exit unexpectedly.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-connectivity/kea/files/CVE-2025-11232.patch [new file with mode: 0644]
meta/recipes-connectivity/kea/kea_3.0.1.bb
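
The three preconditions listed in the commit message can be checked against a deployed kea-dhcp4 configuration to see which scopes meet them. This is an added example, not part of the commit or of Kea: the function names and the sample configuration are constructed, and it assumes a comment-free JSON config in which the three parameters inherit from the global scope down through nested scopes.

```python
import json

# Defaults as stated in the commit message (assumed to apply when a key is unset).
DEFAULT_CHAR_SET = "[^A-Za-z0-9.-]"
DEFAULTS = {"hostname-char-set": DEFAULT_CHAR_SET,
            "hostname-char-replacement": "",
            "ddns-qualifying-suffix": ""}

def exposed(eff):
    """True when the effective settings match all three stated preconditions."""
    return (eff["hostname-char-set"] == DEFAULT_CHAR_SET
            and eff["hostname-char-replacement"] == ""
            and eff["ddns-qualifying-suffix"] != "")

def audit(node, inherited=None, path="Dhcp4"):
    """Return the paths of scopes whose effective settings match.

    Only the root and scopes that set one of the three keys themselves are
    reported; a scope that inherits unchanged is covered by its parent's finding.
    """
    findings = []
    if isinstance(node, dict):
        eff = dict(DEFAULTS if inherited is None else inherited)
        own = {k: node[k] for k in DEFAULTS if k in node}
        eff.update(own)
        if (own or inherited is None) and exposed(eff):
            findings.append(path)
        for key, child in node.items():
            findings += audit(child, eff, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings += audit(child, inherited, f"{path}[{i}]")
    return findings

# Constructed sample configuration (documentation address ranges and names).
SAMPLE = json.loads("""
{"Dhcp4": {
  "ddns-qualifying-suffix": "example.org",
  "subnet4": [
    {"id": 1, "subnet": "192.0.2.0/24"},
    {"id": 2, "subnet": "198.51.100.0/24", "hostname-char-replacement": "x"},
    {"id": 3, "subnet": "203.0.113.0/24", "ddns-qualifying-suffix": ""}
  ],
  "shared-networks": [
    {"name": "lab", "hostname-char-set": "[^A-Za-z0-9.-]",
     "subnet4": [{"id": 4, "subnet": "10.0.0.0/24"}]}
  ]
}}
""")

if __name__ == "__main__":
    print(audit(SAMPLE["Dhcp4"]))
```

A reported path only means that scope meets the preconditions quoted above; the remedy the commit applies is the backported patch.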