diff options
author | yanjun.zhu <yanjun.zhu@windriver.com> | 2012-12-11 18:00:32 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2012-12-17 17:24:54 +0000 |
commit | 5b3ffcea5e08fe097b417e29c7282ed37feaacc7 (patch) | |
tree | 631c70d9be633f2739e4ead74673100acda1f932 /meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb | |
parent | f023d0589815a0068435b711e723d21c9560e30d (diff) | |
download | poky-5b3ffcea5e08fe097b417e29c7282ed37feaacc7.tar.gz |
squashfs: fix CVE-2012-4025
CQID:WIND00366813
Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
(From OE-Core rev: bb1611d4830bb7aff2371afdb2a77a4ca7298c7d)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb')
-rw-r--r-- | meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb index 9922f1ef51..528efed1dd 100644 --- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb +++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb | |||
@@ -8,12 +8,15 @@ LIC_FILES_CHKSUM = "file://../COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \ | |||
8 | file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \ | 8 | file://../../7zC.txt;beginline=12;endline=16;md5=2056cd6d919ebc3807602143c7449a7c \ |
9 | " | 9 | " |
10 | DEPENDS = "attr zlib xz" | 10 | DEPENDS = "attr zlib xz" |
11 | PR = "1" | 11 | PR = "r2" |
12 | 12 | ||
13 | SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \ | 13 | SRC_URI = "${SOURCEFORGE_MIRROR}/squashfs/squashfs${PV}.tar.gz;name=squashfs \ |
14 | http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \ | 14 | http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2;name=lzma \ |
15 | " | 15 | " |
16 | SRC_URI += "file://squashfs-4.2-fix-CVE-2012-4024.patch \ | 16 | SRC_URI += "file://squashfs-4.2-fix-CVE-2012-4024.patch \ |
17 | file://squashfs-add-a-commment-and-fix-some-other-comments.patch \ | ||
18 | file://squashfs-fix-open-file-limit.patch \ | ||
19 | file://squashfs-4.2-fix-CVE-2012-4025.patch \ | ||
17 | " | 20 | " |
18 | SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852" | 21 | SRC_URI[squashfs.md5sum] = "1b7a781fb4cf8938842279bd3e8ee852" |
19 | SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96" | 22 | SRC_URI[squashfs.sha256sum] = "d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96" |