diff options
| author |   Yi Zhao <yi.zhao@windriver.com> | 2020-02-21 22:59:42 +0200 |
|---|---|---|
| committer |   Anuj Mittal <anuj.mittal@intel.com> | 2020-02-26 11:15:34 +0800 |
| commit | f0c7e7d03d1e9f7426031acdde3f7452118edd8c (patch) | |
| tree | 833286116fcd9059b7aad16527649b493586d9b9 /meta/recipes-connectivity/ppp/ppp_2.4.7.bb | |
| parent | 53b94d0bc839eda408d90e15937746871b7546e3 (diff) | |
| download | openembedded-core-contrib-f0c7e7d03d1e9f7426031acdde3f7452118edd8c.tar.gz | |
ppp: Security fix CVE-2020-8597
CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname
buffer overflow in the eap_request and eap_response functions.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-8597
Patch from:
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
(From OE-Core rev: b01505e018ff46f1af34f98219d55f4ca700cd5a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-connectivity/ppp/ppp_2.4.7.bb')
| -rw-r--r-- | meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb index 644cde4562..60c56dd0bd 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb @@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \ file://0001-ppp-Remove-unneeded-include.patch \ file://ppp-2.4.7-DES-openssl.patch \ + file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \ " SRC_URI_append_libc-musl = "\ |