path: root/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb
author: Peiran Hong <peiran.hong@windriver.com> 2019-09-16 13:41:59 -0400
committer: Armin Kuster <akuster808@gmail.com> 2019-10-03 12:29:21 -0700
commit: 047ca1f051564dc9c35c2e0bd3946cbbc716e2eb (patch)
tree: aa4f26dd85cf031d21a42db66de48faf134b5b1b /meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb
parent: a7ab9ee13c0ea691d06fa8d8dfe48ac8799953f7 (diff)
tcpdump: Fix CVE-2017-16808 (stable/thud-nmut)

Backport selected parts of three upstream commits to fix CVE-2017-16808
where tcpdump 4.9.2 has a heap-based buffer over-read.

Upstream-Status: Backport [ several ]

Upstream commits fully backported:
46aead6 [CVE-2017-16808/AoE: Add a missing bounds check]

Upstream commits partially backported:
7068209 [Use nd_ types in 802.x and FDDI headers.]
84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)]

46aead6 fixes the vulnerability and requires two macros defined in
7068209 and 84ef17a, which are committed after the release of 4.9.2.
Only the definitions of the macros are taken from the two commits
as they impact a wide range of code and are difficult to integrate.

CVE: CVE-2017-16808
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb')
-rw-r--r-- meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb
index d38540e34d..14e90b092e 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb
@@ -10,6 +10,7 @@ SRC_URI = " \
file://unnecessary-to-check-libpcap.patch \
file://add-ptest.patch \
file://run-ptest \
+ file://0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch \
"
SRC_URI[md5sum] = "9bbc1ee33dab61302411b02dd0515576"
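
Review bot: The new SRC_URI entry `file://0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch` is named only for the AoE bounds check (46aead6), yet the commit message says it also carries macro definitions lifted from 7068209 and 84ef17a. Either split those definitions into a separate patch or make sure the patch header states which parts come from which upstream commit, so the whole backport can be dropped cleanly when the recipe moves past 4.9.2. Since this SRC_URI already ships a ptest (`add-ptest.patch`, `run-ptest`), it would also help to state in the commit message that the ptest still passes with the backport applied.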