From eaec7e962433fa09ec5723afc9bada22ba4d6a45 Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Wed, 29 Feb 2012 16:34:27 -0800 Subject: sudo: backport patch to address CVE 2012-0809 This is a format string vulnerability "that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges." (From OE-Core rev: 286cdd5db60b4f668e75cd9e05efb97acb08b7a6) Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- .../sudo/files/format-string.patch | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 meta/recipes-extended/sudo/files/format-string.patch (limited to 'meta/recipes-extended/sudo/files/format-string.patch') diff --git a/meta/recipes-extended/sudo/files/format-string.patch b/meta/recipes-extended/sudo/files/format-string.patch new file mode 100644 index 0000000000..15056fd4cc --- /dev/null +++ b/meta/recipes-extended/sudo/files/format-string.patch @@ -0,0 +1,33 @@ +This patch, extracted from upstreams sudo-1.8.3p2.patch.gz addresses the +recent Sudo format string vulnerability CVE 2012-0809. + +http://www.sudo.ws/sudo/alerts/sudo_debug.html + +Signed-off-by: Joshua Lock + +Upstream-Status: Backport + +diff -urNa sudo-1.8.3p1/src/sudo.c sudo-1.8.3p2/src/sudo.c +--- sudo-1.8.3p1/src/sudo.c Fri Oct 21 09:01:26 2011 ++++ sudo-1.8.3p2/src/sudo.c Tue Jan 24 15:59:03 2012 +@@ -1208,15 +1208,15 @@ + sudo_debug(int level, const char *fmt, ...) + { + va_list ap; +- char *fmt2; ++ char *buf; + + if (level > debug_level) + return; + +- /* Backet fmt with program name and a newline to make it a single write */ +- easprintf(&fmt2, "%s: %s\n", getprogname(), fmt); ++ /* Bracket fmt with program name and a newline to make it a single write */ + va_start(ap, fmt); +- vfprintf(stderr, fmt2, ap); ++ evasprintf(&buf, fmt, ap); + va_end(ap); +- efree(fmt2); ++ fprintf(stderr, "%s: %s\n", getprogname(), buf); ++ efree(buf); + } -- cgit v1.2.3-54-g00ecf