]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: e962e25) | patch
bash: CVE-2016-0634
authorZhixiong Chi <zhixiong.chi@windriver.com>
Thu, 20 Apr 2017 07:04:54 +0000 (15:04 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:17:20 +0000 (13:17 +0100)
commita4b37b05140b549960baef49237ce3316e84a041
tree3ce250e8258be103f7d7cff772774bd767651845tree | snapshot
parente962e257f4c124869953d1fbb3da7dbf564f818acommit | diff
bash: CVE-2016-0634

A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.

Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634

CVE: CVE-2016-0634

(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/bash/bash_4.3.30.bb diff | blob | history
Mirror of the official openembedded-core repository