[oe-commits] [openembedded-core] 42/49: procps: whitelist CVE-2018-1121

git at git.openembedded.org git at git.openembedded.org
Wed Nov 6 20:45:29 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch sumo-next
in repository openembedded-core.

commit 618a3203d53d33e6403386f1204bcaf327b68f37
Author: Ross Burton <ross.burton at intel.com>
AuthorDate: Wed Nov 6 17:37:55 2019 +0200

    procps: whitelist CVE-2018-1121
    
    This CVE is about race conditions in 'ps' which make it unsuitable for security
    audits.  As these race conditions are unavoidable ps shouldn't be used for
    security auditing, so this isn't a valid CVE.
    
    (From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    Conflicts:
    	meta/recipes-extended/procps/procps_3.3.15.bb
---
 meta/recipes-extended/procps/procps_3.3.12.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb b/meta/recipes-extended/procps/procps_3.3.12.bb
index 6e15b0a..d4ebaf9 100644
--- a/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -64,3 +64,6 @@ python __anonymous() {
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
 }
 
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
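
Review bot: the two comment lines above the `CVE_CHECK_WHITELIST` assignment state the conclusion ("'ps' isn't suitable for use as a security tool") but leave the reason to an external Bugzilla link. The commit message has the actual rationale, that the CVE concerns race conditions in ps that are unavoidable, and I would carry that one sentence into the recipe comment. Someone reading the recipe or a cve-check report can then see that the entry disputes the CVE's validity and does not mean a fix was applied. Separately, the commit message keeps a "Conflicts:" trailer naming procps_3.3.15.bb while the change lands in procps_3.3.12.bb; for a backport it would be clearer to drop the trailer or replace it with a short note that the change was adapted to the 3.3.12 recipe on this branch.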
