[OE-core] [PATCH 4/7] procps: whitelist CVE-2018-1121

Anuj Mittal anuj.mittal at intel.com
Sun Nov 10 14:54:13 UTC 2019


From: Ross Burton <ross.burton at intel.com>

This CVE is about race conditions in 'ps' which make it unsuitable for security
audits.  As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.

Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk at stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
 meta/recipes-extended/procps/procps_3.3.15.bb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/procps/procps_3.3.15.bb b/meta/recipes-extended/procps/procps_3.3.15.bb
index 9756db0e7b..f240e54fd8 100644
--- a/meta/recipes-extended/procps/procps_3.3.15.bb
+++ b/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -4,9 +4,9 @@ the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill
 HOMEPAGE = "https://gitlab.com/procps-ng/procps"
 SECTION = "base"
 LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                  file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
-                 "
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
+                    "
 
 DEPENDS = "ncurses"
 
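Review bot: The LIC_FILES_CHKSUM reformatting in this hunk (spaces around `=` and re-indented continuation lines) is unrelated to the CVE whitelist and is not mentioned in the commit message. The md5 values are unchanged, so it is harmless, but it accounts for 3 of the 6 insertions and all 3 deletions in the diffstat, which makes a security-relevant change harder to audit and backport. Consider moving it to a separate cosmetic commit, or at least noting it in the message.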
@@ -64,3 +64,6 @@ python __anonymous() {
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
 }
 
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
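Review bot: The comment above `CVE_CHECK_WHITELIST += "CVE-2018-1121"` says only that 'ps' isn't suitable as a security tool and leaves the actual justification to an external Bugzilla link. The commit message gives the reasoning (the race conditions in 'ps' are unavoidable, so the CVE is not considered valid), but someone reading only the recipe will not see it. Suggest carrying that one sentence into the comment so that the rationale for the whitelist entry stays with it and does not depend on the link remaining reachable.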
-- 
2.21.0


