aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWang Mingyu <wangmy@cn.fujitsu.com>2020-12-15 15:22:03 +0800
committerKhem Raj <raj.khem@gmail.com>2020-12-15 00:52:55 -0800
commitd259144422bb44af9dbc7397fc4077d0bf3fc83f (patch)
tree95bdb81430eaae729035dc4bac452111956dbb9f
parent9301b77e3266160ffb7e9bfd69d445f0392076c8 (diff)
downloadmeta-openembedded-contrib-d259144422bb44af9dbc7397fc4077d0bf3fc83f.tar.gz
meta-openembedded-contrib-d259144422bb44af9dbc7397fc4077d0bf3fc83f.tar.bz2
meta-openembedded-contrib-d259144422bb44af9dbc7397fc4077d0bf3fc83f.zip
zabbix: CVE-2020-15803 Security Advisory
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15803 Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r--meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch36
-rw-r--r--meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb1
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch
new file mode 100644
index 0000000000..2eec4bf327
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch
@@ -0,0 +1,36 @@
+From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@cn.fujitsu.com>
+Date: Fri, 11 Dec 2020 17:02:20 +0900
+Subject: [PATCH] Fix bug for CVE-2020-15803
+
+Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
+---
+ frontends/php/include/classes/html/CIFrame.php | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php
+index 32220cd..70f2ab5 100644
+--- a/frontends/php/include/classes/html/CIFrame.php
++++ b/frontends/php/include/classes/html/CIFrame.php
+@@ -29,6 +29,7 @@ class CIFrame extends CTag {
+ $this->setHeight($height);
+ $this->setScrolling($scrolling);
+ $this->setId($id);
++ $this->setSandbox();
+ }
+
+ public function setSrc($value = null) {
+@@ -69,4 +70,10 @@ class CIFrame extends CTag {
+ $this->setAttribute('scrolling', $value);
+ return $this;
+ }
++
++ private function setSandbox() {
++ if (ZBX_IFRAME_SANDBOX !== false) {
++ $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
++ }
++ }
+ }
+--
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
index 0e0ddd5779..98a31879c4 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
@@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
SRC_URI = "http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${PV}/${BPN}-${PV}.tar.gz \
file://0001-Fix-configure.ac.patch \
file://zabbix-agent.service \
+ file://CVE-2020-15803.patch \
"
SRC_URI[md5sum] = "e666539220be93b1af38e40f5fbb1f79"