[yocto-security] [OE-core CVE] branch master-next updated. 62fc26075afc2d56a73777aad753a643fbdafbfa

cve-notice at lists.openembedded.org
Fri Sep 13 19:15:33 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
       via  62fc26075afc2d56a73777aad753a643fbdafbfa (commit)
      from  40366aee7a3a45e85b739db883c343c742b2a55d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 62fc26075afc2d56a73777aad753a643fbdafbfa
Author: Peiran Hong <peiran.hong at windriver.com>
Date:   Fri Sep 13 17:27:29 2019 -0400

    tcpdump: Fix CVE-2017-16808
    
    Backport selected parts of three upstream commits to fix
    CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read.
    
    Upstream-Status: Backport
    [ several ]
    
    Upstream commits fully backported:
    46aead6  [CVE-2017-16808/AoE: Add a missing bounds check]
    
    Upstream commits partially backported:
    7068209  [Use nd_ types in 802.x and FDDI headers.]
    84ef17a  [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using
    pointers (1/n)]
    
    46aead6 fixes the vulnerability and requires two macros defined in
    7068209 and 84ef17a, which are committed after the release of 4.9.2.
    Only the definitions of the macros are taken from the two commits
    as they impact a wide range of code and are difficult to integrate.
    
    CVE: CVE-2017-16808
    
    Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 ...2017-16808-AoE-Add-a-missing-bounds-check.patch | 61 ++++++++++++++++++++++
 .../recipes-support/tcpdump/tcpdump_4.9.2.bb       |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch


hooks/post-receive
-- 


