| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-25 13:51:32 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-25 13:56:58 +0100 |
| commit | 360720faba93bec4bc44fbfde1379d4281bb080b (patch) | |
| tree | ec6b6a738d7034409002d0a9b06c31d03d413c62 | |
| parent | 0cc9b2df36fac9682afc3654906561f7e9bf9a93 (diff) | |
mtr: patch CVE-2025-49809
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809
Pick the patch mentioned in the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| -rw-r--r-- | meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch | 38 | ||||
| -rw-r--r-- | meta-networking/recipes-support/mtr/mtr_0.95.bb | 4 |
2 files changed, 41 insertions, 1 deletions
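diff --git a/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
new file mode 100644
index 0000000000..1f8ac4aeb9
--- /dev/null
+++ b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
@@ -0,0 +1,38 @@
+From 5eefb172ef1ab9e46d79c6bae60dbe7983c9f704 Mon Sep 17 00:00:00 2001
+From: "R.E. Wolff" <R.E.Wolff@BitWizard.nl>
+Date: Sun, 29 Jun 2025 14:06:00 +0200
+Subject: [PATCH] Added protection against use of MTR_PACKET under special
+circumstances
+
+CVE: CVE-2025-49809
+Upstream-Status: Backport [https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ui/cmdpipe.c | 13 ++++++++++---
+1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
+index d22b236..1a66293 100644
+--- a/ui/cmdpipe.c
++++ b/ui/cmdpipe.c
+@@ -220,10 +220,17 @@ void execute_packet_child(
+the path to the mtr-packet executable. This is necessary
+for debugging changes for mtr-packet.
+*/
+- char *mtr_packet_path = getenv("MTR_PACKET");
+- if (mtr_packet_path == NULL) {
++ char * mtr_packet_path = NULL;
++
++ // In the rare case that mtr-packet is not setuid-root,
++ // and a select group of users has sudo privileges to run
++ // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
++ // to prevent a privilege escalation when one of those accounts
++ // is compromised. CVE-2025-49809
++ if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
++ mtr_packet_path = getenv("MTR_PACKET");
++ if (mtr_packet_path == NULL)
+mtr_packet_path = "mtr-packet";
+- }
+
+/*
+First, try to execute mtr-packet from PATH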
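Review bot: The protection added in the ui/cmdpipe.c hunk is opt-in: `MTR_PACKET` is ignored only when `/etc/mtr.is.run.under.sudo` exists, and nothing visible in this commit creates that file, so an image built from the recipe still honours the variable unless the integrator ships the marker. The check is also fail-open, because any `access()` failure, not just a missing file, leaves `getenv("MTR_PACKET")` in effect. It would help to say so in the patch header or next to the `SRC_URI` entry, for example `# CVE-2025-49809: mitigation is active only if /etc/mtr.is.run.under.sudo exists on the target`. The body of execute_packet_child starts and continues outside the hunk, so how `mtr_packet_path` is used afterwards is not visible here.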
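diff --git a/meta-networking/recipes-support/mtr/mtr_0.95.bb b/meta-networking/recipes-support/mtr/mtr_0.95.bb
index 92f9c4bfc0..8c385ae46a 100644
--- a/meta-networking/recipes-support/mtr/mtr_0.95.bb
+++ b/meta-networking/recipes-support/mtr/mtr_0.95.bb
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 file://ui/mtr.c;beginline=5;endline=16;md5=00a894a39d53726a27386534d1c4e468"
 
 SRCREV = "852e5617fbf331cf292723702161f0ac9afe257c"
-SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https"
+SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https \
+file://CVE-2025-49809.patch \
+"
 
 S = "${WORKDIR}/git"
 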
