ncurses: Fix CVE-2023-29491 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	virendra thakur <thakur.virendra1810@gmail.com>	2024-02-06 18:01:04 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-02-16 03:35:51 -1000
commit	fa23359034e1cf72ec09601e18ebcbc3648c3e29 (patch)
tree	f5c5a49dd453a384e461b17adb8bcd27bbf89d70 /meta/recipes-sato/rxvt-unicode
parent	eb0915c699fbe86488de172d529f073a30d05b6a (diff)
download	poky-fa23359034e1cf72ec09601e18ebcbc3648c3e29.tar.gz

ncurses: Fix CVE-2023-29491

memory corruption when processing malformed terminfo data entries loaded by setuid/setgid programs CVE-2023-29491.patch change the --disable-root-environ configure option behavior. set --disable-root-environ in configuration options. --disable-root-environ option with a few additional changes to the code allows us to mitigate CVE-2023-29491 and avoid other issues that involve the possibility of malicious use of environment variables through setuid applications, and, therefore, it was the fix chosen in order to resolve this vulnerability. Reference: https://ubuntu.com/security/CVE-2023-29491 https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1 (From OE-Core rev: 041433f0767ae9112f6a74a7d7c93ce9b411792c) Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-sato/rxvt-unicode')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: