[OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524

Petter Mabäcker petter at technux.se
Tue Oct 6 08:11:47 UTC 2015


 

Hi Kai, 

I played around with the new meta-security-isafw layer and
the cve-check-tool. In readline the CVE CVE-2014-2524 is marked as
'missing' by the framework and I was confused to start with, since I saw
that this commit was included. But after looking at the actual patch I
realized that it only contains a report and not the patch itself. My
question is whether that is on purpose, due to some decision that the
CVE isn't really causing any harm, or if it's by mistake?

BR Petter


Petter Mabäcker

Technux
<petter at technux.se>
www.technux.se

2014-10-16 11:48, Kai Kang wrote:

> The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
> allows local users to create or overwrite arbitrary files via a symlink
> attack on a /var/tmp/rltrace.[PID] file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524 [1]
>
> Signed-off-by: Yue Tao <Yue.Tao at windriver.com>
> Signed-off-by: Kai Kang <kai.kang at windriver.com>
> ---
>
.../readline/readline-6.3/readline63-003 | 43 ++++++++++++++++++++++
>
meta/recipes-core/readline/readline_6.3.bb | 2 +
> 2 files changed, 45
insertions(+)
> create mode 100644
meta/recipes-core/readline/readline-6.3/readline63-003
> 
> diff --git
a/meta/recipes-core/readline/readline-6.3/readline63-003
b/meta/recipes-core/readline/readline-6.3/readline63-003
> new file mode
100644
> index 0000000..98a9d81
> --- /dev/null
> +++
b/meta/recipes-core/readline/readline-6.3/readline63-003
> @@ -0,0 +1,43
@@
> +readline: Security Advisory - readline - CVE-2014-2524
> +
>
+Upstream-Status: Backport
> +
> +Signed-off-by: Yue Tao
<yue.tao at windriver.com>
> +
> + READLINE PATCH REPORT
> +
=====================
> +
> +Readline-Release: 6.3
> +Patch-ID:
readline63-003
> +
> +Bug-Reported-by:
> +Bug-Reference-ID:
>
+Bug-Reference-URL:
> +
> +Bug-Description:
> +
> +There are debugging
functions in the readline release that are theoretically
> +exploitable
as security problems. They are not public functions, but have
> +global
linkage.
> +
> +Patch (apply with `patch -p0'):
> +
> +***
../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
> +--- util.c
2014-03-20 10:25:53.000000000 -0400
> +***************
> +*** 477,480
****
> +--- 479,483 ----
> + }
> + 
> ++ #if defined (DEBUG)
> + #if
defined (USE_VARARGS)
> + static FILE *_rl_tracefp;
> +***************
>
+*** 539,542 ****
> +--- 542,546 ----
> + }
> + #endif
> ++ #endif /*
DEBUG */
> + 
> + 
> +
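Review bot: the diff embedded after "Patch (apply with `patch -p0'):" names its target as plain util.c, so it only applies at strip level 0, while OE applies patches at strip level 1 unless striplevel= is set on the SRC_URI entry. Either regenerate the diff for -p1 or set striplevel=0 where the file is added. The Bug-Reported-by, Bug-Reference-ID and Bug-Reference-URL fields are also empty, and the Bug-Description never names CVE-2014-2524 or _rl_tropen; a link to the upstream readline63-003 in the header would let a reader check the Backport status.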
> diff --git
a/meta/recipes-core/readline/readline_6.3.bb
b/meta/recipes-core/readline/readline_6.3.bb
> index aa30f66..2ae73ea
100644
> --- a/meta/recipes-core/readline/readline_6.3.bb
> +++
b/meta/recipes-core/readline/readline_6.3.bb
> @@ -1,5 +1,7 @@
> require
readline.inc
> 
> +SRC_URI_append = " file://readline63-003"
> +
>
SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
>
SRC_URI[archive.sha256sum] =
"56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43"
> 
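Review bot: the entry in `SRC_URI_append = " file://readline63-003"` has no .patch or .diff suffix and no apply=yes parameter, so the file is fetched but not applied as a patch, and the `#if defined (DEBUG)` guard never reaches the util.c that gets built. Suggest `file://readline63-003;apply=yes;striplevel=0`, then confirming in the do_patch log that the file is actually applied.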
>
-- 
> 1.9.1
 

Links:
------
[1]
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524
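
The symlink problem described in the quoted advisory text (a predictable /var/tmp/rltrace.[PID] name opened without checking what is already there), shown beside a hardened open. This is an added example, not code from the thread or from readline: the names open_weak, open_safe and victim_size_after, the scratch directory under /tmp and the 6-byte "victim" file are all constructed for the demonstration.

```c
/* Added example, not readline's code; names and scratch files are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fopen() follows a symlink already sitting at the predictable name. */
FILE *open_weak(const char *path) { return fopen(path, "w"); }

/* Hardened: O_CREAT|O_EXCL fails with EEXIST on any existing name, symlink included. */
FILE *open_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    FILE *fp = fd < 0 ? NULL : fdopen(fd, "w");
    if (fd >= 0 && fp == NULL)
        close(fd);
    return fp;
}

/* Victim's size after `opener` opens a trace path symlinked to it; -1 on setup error. */
long victim_size_after(FILE *(*opener)(const char *))
{
    char dir[] = "/tmp/rltrace-demo-XXXXXX", victim[64], trace[64];
    struct stat st;
    long size = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(trace, sizeof trace, "%s/rltrace.%ld", dir, (long)getpid());
    FILE *fp = fopen(victim, "w");
    if (fp != NULL && fputs("secret", fp) >= 0 && fclose(fp) == 0
        && symlink(victim, trace) == 0) {
        if ((fp = opener(trace)) != NULL)
            fclose(fp);
        if (stat(victim, &st) == 0)
            size = (long)st.st_size;
    }
    unlink(trace);
    unlink(victim);
    rmdir(dir);
    return size;
}

int main(void)
{
    printf("weak %ld, safe %ld\n", victim_size_after(open_weak), victim_size_after(open_safe));
    return 0;
}
```

On Linux, fs.protected_symlinks=1 additionally refuses to follow another user's symlink in a sticky directory such as /var/tmp, but that is a system-wide setting and does not replace the exclusive open.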