code.ossystems Code Review - openembedded-core.git/commit

author	Chen Qi <Qi.Chen@windriver.com>
	Wed, 26 Oct 2016 06:09:47 +0000 (14:09 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Wed, 16 Nov 2016 10:33:33 +0000 (10:33 +0000)
commit	df3f4785fc69d3ddbd30ccd954aad3d3618c5916
tree	1660444e887882f67ce7f2466e51ed8bd316cc87	tree \| snapshot
parent	51d3cab8aab593481be16cadaca6fcddbb64bc52	commit \| diff

systemd: CVE-2016-7795

The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.

The patch is a backport from the latest git repo.

Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795

(From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-core/systemd/systemd/CVE-2016-7795.patch	[new file with mode: 0644]	blob
meta/recipes-core/systemd/systemd_230.bb		diff \| blob \| history