diff options
author | George McCollister <george.mccollister@gmail.com> | 2019-02-25 10:37:12 -0600 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-03-17 12:07:56 -0700 |
commit | e749c579acbf4c5ddef4c875635af6da89e17d17 (patch) | |
tree | cd29b557a603d2a2fb63b812437de708a5c5ebb5 /meta/recipes-core/systemd/systemd_237.bb | |
parent | 454cbaa1157be8e4e930c89983399a9b5a5aaaa0 (diff) | |
download | openembedded-core-contrib-e749c579acbf4c5ddef4c875635af6da89e17d17.tar.gz |
systemd: fix CVE-2018-6954
Apply patches to fix CVE-2018-6954
NVD description from https://nvd.nist.gov/vuln/detail/CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in
non-terminal path components, which allows local users to obtain
ownership of arbitrary files via vectors involving creation of a
directory and a file under that directory, and later replacing that
directory with a symlink. This occurs even if the fs.protected_symlinks
sysctl is turned on.
Patches from systemd_237-3ubuntu10.13.debian.
These patches shouldn't be required on newer OE releases since they use
systemd v239 or higher.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Diffstat (limited to 'meta/recipes-core/systemd/systemd_237.bb')
-rw-r--r-- | meta/recipes-core/systemd/systemd_237.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd_237.bb b/meta/recipes-core/systemd/systemd_237.bb index 96f419a7f9..bc33fbebdc 100644 --- a/meta/recipes-core/systemd/systemd_237.bb +++ b/meta/recipes-core/systemd/systemd_237.bb @@ -61,6 +61,8 @@ SRC_URI += "file://touchscreen.rules \ file://0025-journald-set-a-limit-on-the-number-of-fields-1k.patch \ file://0026-journal-remote-set-a-limit-on-the-number-of-fields-i.patch \ file://0027-journal-fix-out-of-bounds-read-CVE-2018-16866.patch \ + file://0001-tmpfiles-don-t-resolve-pathnames-when-traversing-rec.patch \ + file://0002-Make-tmpfiles-safe.patch \ " SRC_URI_append_qemuall = " file://0001-core-device.c-Change-the-default-device-timeout-to-2.patch" |