diff options
author | Steve Sakoman <steve@sakoman.com> | 2021-07-21 07:33:19 -1000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-10 11:14:11 +0100 |
commit | 1d36ed33069d76898115eaf271fa1f15dea9b657 (patch) | |
tree | a8b586014cd27057e9289f719d9d9437a65716aa /meta/recipes-connectivity/avahi/avahi.inc | |
parent | f30d69e51f475773bf8e05a7ed328b9f908879b7 (diff) | |
download | poky-1d36ed33069d76898115eaf271fa1f15dea9b657.tar.gz |
avahi: fix CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used
to signal the termination of the client connection on the avahi Unix
socket is not correctly handled in the client_work function,
allowing a local attacker to trigger an infinite loop. The highest
threat from this vulnerability is to the availability of the avahi
service, which becomes unresponsive after this flaw is triggered.
https://nvd.nist.gov/vuln/detail/CVE-2021-3468
CVE: CVE-2021-3468
(From OE-Core rev: 7ca7aeb7c703bfa22c9f128849e11b62f93d81b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/avahi/avahi.inc')
-rw-r--r-- | meta/recipes-connectivity/avahi/avahi.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc index 6acedb5412..25bb41b738 100644 --- a/meta/recipes-connectivity/avahi/avahi.inc +++ b/meta/recipes-connectivity/avahi/avahi.inc | |||
@@ -21,6 +21,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \ | |||
21 | 21 | ||
22 | SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ | 22 | SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \ |
23 | file://fix-CVE-2017-6519.patch \ | 23 | file://fix-CVE-2017-6519.patch \ |
24 | file://CVE-2021-3468.patch \ | ||
24 | " | 25 | " |
25 | 26 | ||
26 | UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" | 27 | UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" |