[Buildroot] [PATCH] package/connman: add upstream security fixes for CVE-2021-2667{5, 6}

Heiko Thiery heiko.thiery at gmail.com
Mon Feb 8 15:53:07 UTC 2021


Hi Peter,

On Mon, Feb 8, 2021 at 10:39, Peter Korsgaard <peter at korsgaard.com> wrote:
>
> Fixes the following security issues:
>
> - CVE-2021-26675: Remote (adjacent network) code execution flaw
> - CVE-2021-26676: Remote stack information leak
>
> For details, see the advisory:
> https://www.openwall.com/lists/oss-security/2021/02/08/2
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
>  ...ding-invalid-data-in-dhcp_get_option.patch | 226 ++++++++++++++++++
>  ...ing-stack-data-via-unitiialized-vari.patch |  27 +++
>  ...gth-checks-to-prevent-buffer-overflo.patch |  56 +++++
>  3 files changed, 309 insertions(+)
>  create mode 100644 package/connman/0001-gdhcp-Avoid-reading-invalid-data-in-dhcp_get_option.patch
>  create mode 100644 package/connman/0002-gdhcp-Avoid-leaking-stack-data-via-unitiialized-vari.patch
>  create mode 100644 package/connman/0003-dnsproxy-Add-length-checks-to-prevent-buffer-overflo.patch

A new version [1] was released today that has these patches
integrated. Maybe we should bump to that.

[1] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=47bd7ab21bfbe115ca4a10b9b96bdbfeb6c35bff

-- 
Heiko

