diff options
author | Kang Kai <kai.kang@windriver.com> | 2014-10-29 08:30:58 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2014-11-07 15:05:45 +0100 |
commit | ffb649d04322db8c3e218ee1a4499e202657375d (patch) | |
tree | 107f92a039acfb6eb4d73945dd6388db8ce346d9 /meta-oe/recipes-support/libyaml | |
parent | 59e457955474385b3ca47488ca0028fc72869b7f (diff) | |
download | meta-openembedded-contrib-ffb649d04322db8c3e218ee1a4499e202657375d.tar.gz |
postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit. We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue. Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.
Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.
In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass. The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode"). This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues. This
issue was reported by Honza Horak.
Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/libyaml')
0 files changed, 0 insertions, 0 deletions