[Buildroot] [PATCH] package/connman: add upstream security fixes for CVE-2021-2667{5, 6}
Heiko Thiery
heiko.thiery at gmail.com
Mon Feb 8 15:53:07 UTC 2021
Hi Peter,
On Mon, 8 Feb 2021 at 10:39, Peter Korsgaard <peter at korsgaard.com> wrote:
>
> Fixes the following security issues:
>
> - CVE-2021-26675: Remote (adjacent network) code execution flaw
> - CVE-2021-26676: Remote stack information leak
>
> For details, see the advisory:
> https://www.openwall.com/lists/oss-security/2021/02/08/2
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ...ding-invalid-data-in-dhcp_get_option.patch | 226 ++++++++++++++++++
> ...ing-stack-data-via-unitiialized-vari.patch | 27 +++
> ...gth-checks-to-prevent-buffer-overflo.patch | 56 +++++
> 3 files changed, 309 insertions(+)
> create mode 100644 package/connman/0001-gdhcp-Avoid-reading-invalid-data-in-dhcp_get_option.patch
> create mode 100644 package/connman/0002-gdhcp-Avoid-leaking-stack-data-via-unitiialized-vari.patch
> create mode 100644 package/connman/0003-dnsproxy-Add-length-checks-to-prevent-buffer-overflo.patch
A new version [1] was released today that has these patches
integrated. Maybe we should bump to that.
[1] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=47bd7ab21bfbe115ca4a10b9b96bdbfeb6c35bff
--
Heiko