diff options
author | Ross Burton <ross.burton@intel.com> | 2019-11-05 23:44:48 +0200 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-11-24 08:55:09 -0800 |
commit | afc529aa689daed18af29ecc64f3dae1fcbdc282 (patch) | |
tree | 8eb87878b89702e55990520d1218540f1f76b2d5 | |
parent | 5fbf5eead50ab5a8cbacf277ddfff2eeca26f738 (diff) | |
download | openembedded-core-contrib-afc529aa689daed18af29ecc64f3dae1fcbdc282.tar.gz |
procps: whitelist CVE-2018-1121
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-extended/procps/procps_3.3.15.bb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb index 9756db0e7b..a20917b223 100644 --- a/meta/recipes-extended/procps/procps_3.3.15.bb +++ b/meta/recipes-extended/procps/procps_3.3.15.bb @@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121" |