author | Yi Zhao <yi.zhao@windriver.com> | 2019-04-15 14:58:34 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2019-04-16 21:07:25 -0700 |
commit | b701de37b4dd3593a1ac557a6863013a26543c85 (patch) | |
tree | b95916541bc4efb1cd84c6c994c31e5c00a0bd8f | |
parent | 3bcb2258fac8402ad13a31ad6418af9109bd6bf2 (diff) | |
download | meta-openembedded-b701de37b4dd3593a1ac557a6863013a26543c85.tar.gz |
netkit-rsh: security fixes
Fix CVE-2019-7282, CVE-2019-7283
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-7282
https://nvd.nist.gov/vuln/detail/CVE-2019-7283
Patch from:
https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r-- | meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 33 | ||||
-rw-r--r-- | meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 1 |
2 files changed, 34 insertions, 0 deletions
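--- /dev/null
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -0,0 +1,33 @@
+From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 15 Apr 2019 06:05:58 +0000
+Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
+
+Description: Fix CVE-2018-20685 and CVE-2019-6111
+Bug-Debian: https://bugs.debian.org/920486
+Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
+
+Upstream-Status: Backport [Debian]
+[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+rcp/rcp.c | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git a/rcp/rcp.c b/rcp/rcp.c
+index ca61c18..77d8ff8 100644
+--- a/rcp/rcp.c
++++ b/rcp/rcp.c
+@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
+size = size * 10 + (*cp++ - '0');
+if (*cp++ != ' ')
+SCREWUP("size not delimited");
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
++ error("error: unexpected filename: %s", cp);
++ exit(1);
++ }
+if (targisdir) {
+static char *namebuf;
+static int cursize;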
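Review bot: The added check in `sink()` rejects an empty name, a name containing `/`, and `.` or `..`, but any other basename sent by the peer is still accepted, and nothing in this hunk compares the received name with what the client requested. If CVE-2019-7283 is, as I read the NVD entry, about the server choosing which files get written, this looks like a partial mitigation, so the patch header should say that rather than list the CVE as fixed outright. The header also has no `CVE:` tag and its Description names CVE-2018-20685 and CVE-2019-6111; adding `CVE: CVE-2019-7282 CVE-2019-7283` next to `Upstream-Status` would keep CVE tracking from depending on the file name. `sink()` starts and ends outside the hunk, so a later name check cannot be ruled out from here.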
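--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
 file://netkit-rsh-0.17-rexec-ipv6.patch \
 file://fix-host-variable.patch \
 file://fixup_wait3_api_change.patch \
+file://CVE-2019-7282-and-CVE-2019-7283.patch \
 "
 
 SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"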