diff options
author | Hitendra Prajapati <hprajapati@mvista.com> | 2023-04-20 12:25:02 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-04-26 04:19:06 -1000 |
commit | 51a1d78e2af26be39587f29c3d169a35a7ae150e (patch) | |
tree | e1928e0d33c1383315811e4408ba7ca1e4d92dfd | |
parent | e610a24db73225d039ac7140cb7d58835cc6b2fd (diff) | |
download | poky-51a1d78e2af26be39587f29c3d169a35a7ae150e.tar.gz |
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
(From OE-Core rev: d1f99b928b0a57bec879dde1b1b94c3c09286ea0)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-extended/screen/screen/CVE-2023-24626.patch | 40 | ||||
-rw-r--r-- | meta/recipes-extended/screen/screen_4.8.0.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-extended/screen/screen/CVE-2023-24626.patch b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch new file mode 100644 index 0000000000..73caf9d81b --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Naumov <alexander_naumov@opensuse.org> | ||
3 | Date: Mon, 30 Jan 2023 17:22:25 +0200 | ||
4 | Subject: fix: missing signal sending permission check on failed query messages | ||
5 | |||
6 | Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org> | ||
7 | |||
8 | CVE: CVE-2023-24626 | ||
9 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7] | ||
10 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
11 | --- | ||
12 | socket.c | 9 +++++++-- | ||
13 | 1 file changed, 7 insertions(+), 2 deletions(-) | ||
14 | |||
15 | diff --git a/socket.c b/socket.c | ||
16 | index bb68b35..9d87445 100644 | ||
17 | --- a/socket.c | ||
18 | +++ b/socket.c | ||
19 | @@ -1285,11 +1285,16 @@ ReceiveMsg() | ||
20 | else | ||
21 | queryflag = -1; | ||
22 | |||
23 | - Kill(m.m.command.apid, | ||
24 | + if (CheckPid(m.m.command.apid)) { | ||
25 | + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); | ||
26 | + } | ||
27 | + else { | ||
28 | + Kill(m.m.command.apid, | ||
29 | (queryflag >= 0) | ||
30 | ? SIGCONT | ||
31 | : SIG_BYE); /* Send SIG_BYE if an error happened */ | ||
32 | - queryflag = -1; | ||
33 | + queryflag = -1; | ||
34 | + } | ||
35 | } | ||
36 | break; | ||
37 | case MSG_COMMAND: | ||
38 | -- | ||
39 | 2.25.1 | ||
40 | |||
diff --git a/meta/recipes-extended/screen/screen_4.8.0.bb b/meta/recipes-extended/screen/screen_4.8.0.bb index fe640c262b..c4faa27023 100644 --- a/meta/recipes-extended/screen/screen_4.8.0.bb +++ b/meta/recipes-extended/screen/screen_4.8.0.bb | |||
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ | |||
22 | file://0001-fix-for-multijob-build.patch \ | 22 | file://0001-fix-for-multijob-build.patch \ |
23 | file://0001-Remove-more-compatibility-stuff.patch \ | 23 | file://0001-Remove-more-compatibility-stuff.patch \ |
24 | file://CVE-2021-26937.patch \ | 24 | file://CVE-2021-26937.patch \ |
25 | file://CVE-2023-24626.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e" | 28 | SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e" |