]> code.ossystems Code Review - openembedded-core.git/commit
elfutils: Security Advisory - CVE-2015-0255
authorRoy Li <rongqing.li@windriver.com>
Tue, 28 Apr 2015 06:22:54 +0000 (14:22 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 28 Jun 2015 08:41:52 +0000 (09:41 +0100)
commit5eda84a62201461b9c69498ec35585d2c8142dec
treec5b4ecf72bf091fdd5ddea86328c9586640a6db4
parent45e105e08c56eef5ef8282f2f84778f4c291798a
elfutils: Security Advisory - CVE-2015-0255

Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers
to write to arbitrary files to the root directory via a / (slash) in a
crafted archive, as demonstrated using the ar program.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447

(From OE-Core rev: 4a65944b89a76f18c8ff6e148f17508882d387cf)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch [new file with mode: 0644]
meta/recipes-devtools/elfutils/elfutils_0.161.bb