[OE-core] [PATCH 3/3] bash: Fix CVE-2014-7169

Paul Eggleton paul.eggleton at linux.intel.com
Thu Oct 2 14:28:45 UTC 2014 

On Thursday 02 October 2014 13:28:54 Paul Eggleton wrote:
> On Thursday 02 October 2014 00:07:41 Robert Yang wrote:
> > From: Khem Raj <raj.khem at gmail.com>
> > 
> > This is a followup patch to incomplete CVE-2014-6271 fix
> > code execution via specially-crafted environment
> > 
> > Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
> > (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
> > 
> > Signed-off-by: Khem Raj <raj.khem at gmail.com>
> > Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
> > Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
> > ---
> > 
> >  .../bash/bash-3.2.48/cve-2014-7169.patch           |   16
> >  ++++++++++++++++
> >  meta/recipes-extended/bash/bash_3.2.48.bb          |    1 +
> >  2 files changed, 17 insertions(+)
> >  create mode 100644
> > 
> > meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> > 
> > diff --git a/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> > b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch new file mode
> > 100644
> > index 0000000..2e734de
> > --- /dev/null
> > +++ b/meta/recipes-extended/bash/bash-3.2.48/cve-2014-7169.patch
> > @@ -0,0 +1,16 @@
> > +Taken from http://www.openwall.com/lists/oss-security/2016/09/25/10
> > +
> > +Upstream-Status: Backport
> > +Index: bash-3.2.48/parse.y
> > +===================================================================
> > +--- bash-3.2.48.orig/parse.y	2008-04-29 18:24:55.000000000 -0700
> > ++++ bash-3.2.48/parse.y	2014-09-26 13:07:31.956080056 -0700
> > +@@ -2503,6 +2503,8 @@
> > +   FREE (word_desc_to_read);
> > +   word_desc_to_read = (WORD_DESC *)NULL;
> > +
> > ++  eol_ungetc_lookahead = 0;
> > ++
> > +   last_read_token = '\n';
> > +   token_to_read = '\n';
> > + }
> > diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb
> > b/meta/recipes-extended/bash/bash_3.2.48.bb index 5849ed0..e6a04cd 100644
> > --- a/meta/recipes-extended/bash/bash_3.2.48.bb
> > +++ b/meta/recipes-extended/bash/bash_3.2.48.bb
> > @@ -13,6 +13,7 @@ SRC_URI =
> > "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \
> > file://build-tests.patch \
> > 
> >             file://test-output.patch \
> >             file://cve-2014-6271.patch;striplevel=0 \
> > 
> > +           file://cve-2014-7169.patch \
> > 
> >             file://run-ptest \
> >            
> >            "
> 
> Unfortunately these two only patch the 3.x version of the bash recipe,
> leaving the 4.x version unpatched.

I have just sent fixes for this.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre

More information about the Openembedded-core mailing list