diff options
author | Catalin Popeanga <Catalin.Popeanga@enea.com> | 2014-10-09 14:24:53 +0200 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-10-12 21:29:14 +0100 |
commit | ae653aed4c6b7d8075cd464edcd2e01237bfc105 (patch) | |
tree | aa134f8d93c3f94ec11c094c7c79df3b024db32d /meta/recipes-extended/bash/bash_3.2.48.bb | |
parent | 32818a104ae99a5795d91a2960d48d433d542dee (diff) | |
download | openembedded-core-ae653aed4c6b7d8075cd464edcd2e01237bfc105.tar.gz |
bash: Fix for CVE-2014-6277
Follow up bash42-049 to parse properly function definitions in the
values of environment variables, to not allow remote attackers to
execute arbitrary code or to cause a denial of service.
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
(From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa)
Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/bash/bash_3.2.48.bb')
-rw-r--r-- | meta/recipes-extended/bash/bash_3.2.48.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash_3.2.48.bb b/meta/recipes-extended/bash/bash_3.2.48.bb index f50bc636af..82816fdebc 100644 --- a/meta/recipes-extended/bash/bash_3.2.48.bb +++ b/meta/recipes-extended/bash/bash_3.2.48.bb @@ -14,6 +14,7 @@ SRC_URI = "${GNU_MIRROR}/bash/bash-${PV}.tar.gz;name=tarball \ file://cve-2014-7169.patch \ file://Fix-for-bash-exported-function-namespace-change.patch \ file://cve-2014-7186_cve-2014-7187.patch \ + file://cve-2014-6277.patch \ " SRC_URI[tarball.md5sum] = "338dcf975a93640bb3eaa843ca42e3f8" |