diff options
author | Ralph Siemsen <ralph.siemsen@linaro.org> | 2021-08-09 15:10:17 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-18 18:00:19 +0100 |
commit | 9a93dde4e3d8c19b544488d0f039b255033e247d (patch) | |
tree | d9e04b50850bb7988dfbbefeb7adbf64f93cff4e | |
parent | 55b0822504a810f8517dc3e2b67dcbdba86e30f8 (diff) | |
download | poky-9a93dde4e3d8c19b544488d0f039b255033e247d.tar.gz |
glibc: Document and whitelist CVE-2021-35942
This CVE is fixed in the upstream glibc-2.31 branch, and dunfell already
includes an update to this version in commit e1e89ff7d75c3d22 ("glibc:
update to lastest 2.31 release HEAD")
(From OE-Core rev: c1d49cee0a3a7391708b19647889f48036d7e4e8)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.31.bb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 23242fff76..8742efc36f 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb | |||
@@ -18,6 +18,16 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" | |||
18 | # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 | 18 | # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 |
19 | CVE_CHECK_WHITELIST += "CVE-2019-1010025" | 19 | CVE_CHECK_WHITELIST += "CVE-2019-1010025" |
20 | 20 | ||
21 | # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 | ||
22 | # The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash | ||
23 | # or read arbitrary memory in parse_param (in posix/wordexp.c) when called with | ||
24 | # an untrusted, crafted pattern, potentially resulting in a denial of service | ||
25 | # or disclosure of information. Patch was backported to 2.31 branch already: | ||
26 | # https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8 | ||
27 | # which is already included in the dunfell branch of poky: | ||
28 | # https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b | ||
29 | CVE_CHECK_WHITELIST += "CVE-2021-35942" | ||
30 | |||
21 | DEPENDS += "gperf-native bison-native make-native" | 31 | DEPENDS += "gperf-native bison-native make-native" |
22 | 32 | ||
23 | NATIVESDKFIXES ?= "" | 33 | NATIVESDKFIXES ?= "" |