[Buildroot] [PATCH] package/connman: add upstream security fixes for CVE-2021-2667{5, 6}
Heiko Thiery
heiko.thiery at gmail.com
Tue Feb 9 07:06:18 UTC 2021
Hi Peter,
On Mon, 8 Feb 2021 at 22:10, Peter Korsgaard <peter at korsgaard.com> wrote:
>
> >>>>> "Heiko" == Heiko Thiery <heiko.thiery at gmail.com> writes:
>
> > Hi Peter,
> > On Mon, 8 Feb 2021 at 10:39, Peter Korsgaard <peter at korsgaard.com> wrote:
> >>
> >> Fixes the following security issues:
> >>
> >> - CVE-2021-26675: Remote (adjacent network) code execution flaw
> >> - CVE-2021-26676: Remote stack information leak
> >>
> >> For details, see the advisory:
> >> https://www.openwall.com/lists/oss-security/2021/02/08/2
> >>
> >> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> >> ---
> >> ...ding-invalid-data-in-dhcp_get_option.patch | 226 ++++++++++++++++++
> >> ...ing-stack-data-via-unitiialized-vari.patch | 27 +++
> >> ...gth-checks-to-prevent-buffer-overflo.patch | 56 +++++
> >> 3 files changed, 309 insertions(+)
> >> create mode 100644
> >> package/connman/0001-gdhcp-Avoid-reading-invalid-data-in-dhcp_get_option.patch
> >> create mode 100644
> >> package/connman/0002-gdhcp-Avoid-leaking-stack-data-via-unitiialized-vari.patch
> >> create mode 100644
> >> package/connman/0003-dnsproxy-Add-length-checks-to-prevent-buffer-overflo.patch
>
> > A new version [1] was released today that has these patches
> > integrated. Maybe we should bump to that.
>
> > [1]
> > https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=47bd7ab21bfbe115ca4a10b9b96bdbfeb6c35bff
>
> I would prefer to add the security patches now, as they are lower risk
> to backport to 2020.02.x (1.39 has ~100 changes on top of 1.38).
Ah ok .. that makes sense.
> But we can certainly bump to 1.39 on master, care to send a patch?
I will do it.
--
Heiko