From b63137da3fce51c412f20bc2ea6f333b0ef4ab34 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Mon, 15 Apr 2019 14:58:34 +0800 Subject: netkit-rsh: security fixes Fix CVE-2019-7282, CVE-2019-7283 References: https://nvd.nist.gov/vuln/detail/CVE-2019-7282 https://nvd.nist.gov/vuln/detail/CVE-2019-7283 Patch from: https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch Signed-off-by: Yi Zhao Signed-off-by: Khem Raj Signed-off-by: Armin Kuster --- .../CVE-2019-7282-and-CVE-2019-7283.patch | 33 ++++++++++++++++++++++ .../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch new file mode 100644 index 0000000000..4381f5bf8b --- /dev/null +++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch @@ -0,0 +1,33 @@ +From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Mon, 15 Apr 2019 06:05:58 +0000 +Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283 + +Description: Fix CVE-2018-20685 and CVE-2019-6111 +Bug-Debian: https://bugs.debian.org/920486 +Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114 + +Upstream-Status: Backport [Debian] +[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch] + +Signed-off-by: Yi Zhao +--- + rcp/rcp.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/rcp/rcp.c b/rcp/rcp.c +index ca61c18..77d8ff8 100644 +--- a/rcp/rcp.c ++++ b/rcp/rcp.c +@@ -740,6 +740,11 @@ sink(int argc, char *argv[]) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { ++ error("error: unexpected filename: %s", cp); ++ exit(1); ++ } + if (targisdir) { + static char *namebuf; + static int cursize; diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb index d034cd8eda..6f203c5a84 100644 --- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb +++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb @@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name= file://netkit-rsh-0.17-rexec-ipv6.patch \ file://fix-host-variable.patch \ file://fixup_wait3_api_change.patch \ + file://CVE-2019-7282-and-CVE-2019-7283.patch \ " SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096" -- cgit 1.2.3-korg