diff options
author | Kai Kang <kai.kang@windriver.com> | 2014-10-15 13:56:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-23 16:13:31 +0100 |
commit | 4b22a21b4eb2b588338ad39355e576ab5bd8c1d7 (patch) | |
tree | 2d03026d0252c2159ace4ad7857d6cfe9bd15763 /meta/recipes-core/readline/readline_6.3.bb | |
parent | 27a877becf76a1410aa96c02a25bb885bfbddf04 (diff) | |
download | poky-4b22a21b4eb2b588338ad39355e576ab5bd8c1d7.tar.gz |
readline: Security Advisory - readline - CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a symlink
attack on a /var/tmp/rltrace.[PID] file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524
(From OE-Core rev: a4fa519de008ccd5b9411fcb1880e0a64383ce9c)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/readline/readline_6.3.bb')
-rw-r--r-- | meta/recipes-core/readline/readline_6.3.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb index aa30f668b4..2ae73ea945 100644 --- a/meta/recipes-core/readline/readline_6.3.bb +++ b/meta/recipes-core/readline/readline_6.3.bb | |||
@@ -1,5 +1,7 @@ | |||
1 | require readline.inc | 1 | require readline.inc |
2 | 2 | ||
3 | SRC_URI_append = " file://readline63-003" | ||
4 | |||
3 | SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a" | 5 | SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a" |
4 | SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43" | 6 | SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43" |
5 | 7 | ||