[OE-core] [PATCH 3/3] bash: Fix CVE-2014-7169

Paul Eggleton paul.eggleton at linux.intel.com
Thu Oct 2 12:28:54 UTC 2014 

On Thursday 02 October 2014 00:07:41 Robert Yang wrote:
> From: Khem Raj <raj.khem at gmail.com>
> 
> This is a followup patch to incomplete CVE-2014-6271 fix
> code execution via specially-crafted environment
> 
> Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
> (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
> 
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
> ---
>  .../bash/bash-3.2.48/cve-2014-7169.patch           |   16 ++++++++++++++++
>  meta/recipes-extended/bash/bash_3.2.48.bb          |    1 +
>  2 files changed, 17 insertions(+)
>  create mode 100644
> meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> 
> diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode
> 100644
> index 0000000..2e734de
> --- /dev/null
> +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> @@ -0,0 +1,16 @@
> +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
> +
> +Upstream-Status: Backport
> +Index: bash-3.2.48/parse.y
> +===================================================================
> +--- bash-3.2.48.orig/parse.y	2008-04-29 18:24:55.000000000 -0700
> ++++ bash-3.2.48/parse.y	2014-09-26 13:07:31.956080056 -0700
> +@@ -2503,6 +2503,8 @@
> +   FREE (word_desc_to_read);
> +   word_desc_to_read = (WORD_DESC *)NULL;
> +
> ++  eol_ungetc_lookahead = 0;
> ++
> +   last_read_token = '\n';
> +   token_to_read = '\n';
> + }
> diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb
> b/meta/recipes-extended/bash/bash_3.2.48.bb index 5849ed0..e6a04cd 100644
> --- a/meta/recipes-extended/bash/bash_3.2.48.bb
> +++ b/meta/recipes-extended/bash/bash_3.2.48.bb
> @@ -13,6 +13,7 @@ SRC_URI =
> "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
> file://build-tests.patch \
>             file://test-output.patch \
>             file://cve-2014-6271.patch;striplevel=0 \
> +           file://cve-2014-7169.patch \
>             file://run-ptest \
>            "

Unfortunately these two only patch the 3.x version of the bash recipe, leaving 
the 4.x version unpatched.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre

More information about the Openembedded-core mailing list