diff options
author | George McCollister <george.mccollister@gmail.com> | 2019-02-25 10:37:12 -0600 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-03-17 12:07:56 -0700 |
commit | e749c579acbf4c5ddef4c875635af6da89e17d17 (patch) | |
tree | cd29b557a603d2a2fb63b812437de708a5c5ebb5 /meta/recipes-sato/matchbox-panel-2 | |
parent | 454cbaa1157be8e4e930c89983399a9b5a5aaaa0 (diff) | |
download | openembedded-core-contrib-e749c579acbf4c5ddef4c875635af6da89e17d17.tar.gz |
systemd: fix CVE-2018-6954
Apply patches to fix CVE-2018-6954
NVD description from https://nvd.nist.gov/vuln/detail/CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in
non-terminal path components, which allows local users to obtain
ownership of arbitrary files via vectors involving creation of a
directory and a file under that directory, and later replacing that
directory with a symlink. This occurs even if the fs.protected_symlinks
sysctl is turned on.
Patches from systemd_237-3ubuntu10.13.debian.
These patches shouldn't be required on newer OE releases since they use
systemd v239 or higher.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Diffstat (limited to 'meta/recipes-sato/matchbox-panel-2')
0 files changed, 0 insertions, 0 deletions