]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 841da7e) | patch
bash: CVE-2016-0634
authorZhixiong Chi <zhixiong.chi@windriver.com>
Thu, 20 Apr 2017 07:04:54 +0000 (15:04 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 12 May 2017 07:49:30 +0000 (08:49 +0100)
commit7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb
tree06b7c69f5ee223c53e5e5384cde292fef8504264tree | snapshot
parent841da7e566799d6a2f2c6c7f3de885d328e8a972commit | diff
bash: CVE-2016-0634

A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.

Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634

CVE: CVE-2016-0634

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-extended/bash/bash_4.3.30.bb diff | blob | history
Mirror of the official openembedded-core repository