From c4061a0a689fd3f4e3fb5d5dd6357dc542973d45 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Wed, 2 Nov 2016 10:52:11 +0100 Subject: dropbear: fix multiple CVEs CVE-2016-7406 CVE-2016-7407 CVE-2016-7408 CVE-2016-7409 References: https://matt.ucc.asn.au/dropbear/CHANGES http://seclists.org/oss-sec/2016/q3/504 [YOCTO #10443] (From OE-Core rev: cca372506522c1d588f9ebc66c6051089743d2a9) Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../dropbear/dropbear/CVE-2016-7409.patch | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch (limited to 'meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch') diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch new file mode 100644 index 0000000000..1475475b4d --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch @@ -0,0 +1,27 @@ + +# HG changeset patch +# User Matt Johnston +# Date 1468245085 -28800 +# Node ID 6a14b1f6dc04e70933c49ea335184e68c1deeb94 +# Parent 309e1c4a87682b6ca7d80b8555a1db416c3cb7ac +better TRACE of failed remote ident + +CVE: CVE-2016-7409 +Upstream-Status: Backport [backported from: +https://secure.ucc.asn.au/hg/dropbear/raw-rev/6a14b1f6dc04] + +Signed-off-by: Sona Sarmadi + +diff -r 309e1c4a8768 -r 6a14b1f6dc04 common-session.c +--- a/common-session.c Fri Mar 18 22:44:36 2016 +0800 ++++ b/common-session.c Mon Jul 11 21:51:25 2016 +0800 +@@ -361,7 +361,7 @@ + } + + if (!done) { +- TRACE(("err: %s for '%s'\n", strerror(errno), linebuf)) ++ TRACE(("error reading remote ident: %s\n", strerror(errno))) + ses.remoteclosed(); + } else { + /* linebuf is already null terminated */ + -- cgit v1.2.3-54-g00ecf