diff options
author | Minjae Kim <flowergom@gmail.com> | 2021-07-08 22:22:40 +0900 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2021-07-11 06:19:43 -1000 |
commit | 58fa175702f0cd8f00dc5e7938fb55108921d324 (patch) | |
tree | 6b71e32f85c6f389efe079ccc42890917fbda4d4 /meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | |
parent | 42098fd740fe3de68a221fcc9c44ead545757461 (diff) | |
download | openembedded-core-contrib-58fa175702f0cd8f00dc5e7938fb55108921d324.tar.gz |
dhcp: fix CVE-2021-25217
A buffer overrun in lease file parsing code
can be used to exploit a common vulnerability shared by dhcpd and dhclient.
reference:
https://www.openwall.com/lists/oss-security/2021/05/26/6
https://kb.isc.org/docs/cve-2021-25217
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb')
-rw-r--r-- | meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb index b56a204821..5609a350cc 100644 --- a/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb +++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.2.bb @@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \ file://0013-fixup_use_libbind.patch \ file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \ + file://CVE-2021-25217.patch \ " SRC_URI[md5sum] = "2afdaf8498dc1edaf3012efdd589b3e1" |