diff options
author | Catalin Popeanga <Catalin.Popeanga@enea.com> | 2014-10-09 14:24:53 +0200 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-10-10 17:56:33 +0100 |
commit | 85961bcf81650992259cebb0ef1f1c6cdef3fefa (patch) | |
tree | ccaf004a34e671f00b24d2452f44ced060b9f9f2 /meta/recipes-extended/bash/bash_4.3.bb | |
parent | 153d1125659df9e5c09e35a58bd51be184cb13c1 (diff) | |
download | openembedded-core-85961bcf81650992259cebb0ef1f1c6cdef3fefa.tar.gz |
bash: Fix for CVE-2014-6277
Follow up bash43-026 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service.
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
Diffstat (limited to 'meta/recipes-extended/bash/bash_4.3.bb')
-rw-r--r-- | meta/recipes-extended/bash/bash_4.3.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb index d7bfb98660..f36c6a1710 100644 --- a/meta/recipes-extended/bash/bash_4.3.bb +++ b/meta/recipes-extended/bash/bash_4.3.bb @@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \ file://cve-2014-7169.patch \ file://Fix-for-bash-exported-function-namespace-change.patch \ file://cve-2014-7186_cve-2014-7187.patch \ + file://cve-2014-6277.patch \ file://run-ptest \ " |