]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: ddf907c) | patch
bash: fix CVE-2016-9401
authorLi Zhou <li.zhou@windriver.com>
Mon, 13 Feb 2017 02:53:24 +0000 (10:53 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:03:41 +0000 (13:03 +0100)
commit9b5e17b45ca5b2518f1f7c13bb2f79b5b669744f
tree931e5d7c7d77e9a8a504c7b7fffb83743f6bf0bctree | snapshot
parentddf907ca95a19f54785079b4396935273b3747f6commit | diff
bash: fix CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell
and cause a use-after-free via a crafted address.

Porting patch from <https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/
bash44-006> to solve CVE-2016-9401.

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 6987b317d5ce8dc50a37ebba395aa8424bec358c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/bash/bash/CVE-2016-9401.patch [new file with mode: 0644] blob
meta/recipes-extended/bash/bash_4.3.30.bb diff | blob | history
Mirror of the official openembedded-core repository