diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2020-02-13 16:55:01 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-02-14 13:07:23 +0000 |
commit | dbfc4e69488f68ebe45cfb8f953d7d7742a0325c (patch) | |
tree | 5349770228767297eb2e45593b2babe8bd1f80e6 /meta/recipes-connectivity/ppp/ppp_2.4.7.bb | |
parent | 16c9a82c6ce255f18837ee31fdf587f8c58320f0 (diff) | |
download | poky-dbfc4e69488f68ebe45cfb8f953d7d7742a0325c.tar.gz |
ppp: Security fix CVE-2020-8597
CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname
buffer overflow in the eap_request and eap_response functions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Patch from:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
(From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/ppp/ppp_2.4.7.bb')
-rw-r--r-- | meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde4562..60c56dd0bd 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb | |||
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ | |||
33 | file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ | 33 | file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ |
34 | file://0001-ppp-Remove-unneeded-include.patch \ | 34 | file://0001-ppp-Remove-unneeded-include.patch \ |
35 | file://ppp-2.4.7-DES-openssl.patch \ | 35 | file://ppp-2.4.7-DES-openssl.patch \ |
36 | file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ | ||
36 | " | 37 | " |
37 | 38 | ||
38 | SRC_URI_append_libc-musl = "\ | 39 | SRC_URI_append_libc-musl = "\ |