diff options
author | George McCollister <george.mccollister@gmail.com> | 2019-02-25 10:37:12 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-24 16:49:54 +0000 |
commit | 4c55db6d5c6f93e5fd851ed2d0c8ebc5ec043cab (patch) | |
tree | 42fc8e334fd3ecc0be5a5cbf106677e54870ccb5 /meta/lib | |
parent | d4e0f9252852ebfe5677d2bf0e6d70aacd7a984a (diff) | |
download | poky-4c55db6d5c6f93e5fd851ed2d0c8ebc5ec043cab.tar.gz |
systemd: fix CVE-2018-6954
Apply patches to fix CVE-2018-6954
NVD description from https://nvd.nist.gov/vuln/detail/CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in
non-terminal path components, which allows local users to obtain
ownership of arbitrary files via vectors involving creation of a
directory and a file under that directory, and later replacing that
directory with a symlink. This occurs even if the fs.protected_symlinks
sysctl is turned on.
Patches from systemd_237-3ubuntu10.13.debian.
These patches shouldn't be required on newer OE releases since they use
systemd v239 or higher.
(From OE-Core rev: 607350d98aa4c65b71fe1f10900e205fad81d1ec)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
0 files changed, 0 insertions, 0 deletions