avahi: fix CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. https://nvd.nist.gov/vuln/detail/CVE-2021-3468 CVE: CVE-2021-3468 (From OE-Core rev: 7ca7aeb7c703bfa22c9f128849e11b62f93d81b5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Steve Sakoman <steve@sakoman.com> 2021-07-21 07:33:19 -1000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-10 11:14:11 +0100
commit: 1d36ed33069d76898115eaf271fa1f15dea9b657 (patch)
tree: a8b586014cd27057e9289f719d9d9437a65716aa /meta/recipes-connectivity/avahi/avahi.inc
parent: f30d69e51f475773bf8e05a7ed328b9f908879b7 (diff)
download: poky-1d36ed33069d76898115eaf271fa1f15dea9b657.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
index 6acedb5412..25bb41b738 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -21,6 +21,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
 SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
           file://fix-CVE-2017-6519.patch \
+           file://CVE-2021-3468.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
author	Steve Sakoman <steve@sakoman.com>	2021-07-21 07:33:19 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:14:11 +0100
commit	1d36ed33069d76898115eaf271fa1f15dea9b657 (patch)
tree	a8b586014cd27057e9289f719d9d9437a65716aa /meta/recipes-connectivity/avahi/avahi.inc
parent	f30d69e51f475773bf8e05a7ed328b9f908879b7 (diff)
download	poky-1d36ed33069d76898115eaf271fa1f15dea9b657.tar.gz

diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc index 6acedb5412..25bb41b738 100644 --- a/meta/recipes-connectivity/avahi/avahi.inc +++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -21,6 +21,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
21		21
22	SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \	22	SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
23	file://fix-CVE-2017-6519.patch \	23	file://fix-CVE-2017-6519.patch \
		24	file://CVE-2021-3468.patch \
24	"	25	"
25		26
26	UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"	27	UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"