diff options
author | Minjae Kim <flowergom@gmail.com> | 2021-07-08 22:22:40 +0900 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-07-15 15:27:49 +0100 |
commit | e643a5b966756f383e71c138944e4e1c65c8cd46 (patch) | |
tree | 5f843ae8bd2a1c8fe2dbbb81b39205ca3ecc7c28 /meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | |
parent | 1fe2f91cf39dd43661c7e229a48ec50cdc28b7bc (diff) | |
download | poky-e643a5b966756f383e71c138944e4e1c65c8cd46.tar.gz |
dhcp: fix CVE-2021-25217
A buffer overrun in lease file parsing code
can be used to exploit a common vulnerability shared by dhcpd and dhclient.
reference:
https://www.openwall.com/lists/oss-security/2021/05/26/6
https://kb.isc.org/docs/cve-2021-25217
(From OE-Core rev: 58fa175702f0cd8f00dc5e7938fb55108921d324)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb')
-rw-r--r-- | meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb index b56a204821..5609a350cc 100644 --- a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb +++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | |||
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat | |||
10 | file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ | 10 | file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ |
11 | file://0013-fixup_use_libbind.patch \ | 11 | file://0013-fixup_use_libbind.patch \ |
12 | file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ | 12 | file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ |
13 | file://CVE-2021-25217.patch \ | ||
13 | " | 14 | " |
14 | 15 | ||
15 | SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1" | 16 | SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1" |