code.ossystems Code Review - openembedded-core.git/commit
libnl: fix CVE-2017-0553
author Andre McCurdy <armccurdy@gmail.com>
Fri, 11 May 2018 23:52:03 +0000 (16:52 -0700)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 23 May 2018 16:41:02 +0000 (17:41 +0100)
commit f452fbc5d2ffb9c1417079574bed0dfcdc44787a
tree 2c4fdfbf67c7f6df3aacebcf20387faf6ad7008a
parent 82fc84b059367917690336d279cd8cab679d63ed
libnl: fix CVE-2017-0553

An elevation of privilege vulnerability in libnl could enable a local
malicious application to execute arbitrary code within the context of
the Wi-Fi service. This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by
current platform configurations. Product: Android. Versions: 5.0.2,
5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this
issue also exists in the upstream libnl before 3.3.0 library.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553

Backport fix from upstream libnl 3.3.0 release:

  https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
  http://lists.infradead.org/pipermail/libnl/2017-May/002313.html

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch [new file with mode: 0644]
meta/recipes-support/libnl/libnl_3.2.29.bb