CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
dizzy
poky/meta/recipes-core/coreutils
History
Maxin B. John de51204518 coreutils: Fix CVE-2014-9471 
Fiedler Roman discovered that coreutils' parse_datetime() function
has some flaws that may be exploitable if the date(1), touch(1),
or potentially other programs, accept untrusted input for certain
parameters. While researching this issue, he discovered that it
was independently discovered by Bertrand Jacquin and reported at
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fffd33e55e0 ***
Aborted

$ date '--date=TZ="123"345" @1'
date[394]: segfault at 7fff24000000 ip 00007f6dd5b73404 sp 00007fff27cce8f8
error 4 in libc-2.20.so[7f6dd5af7000+199000]
Segmentation fault

(From OE-Core rev: 54debe63cbd38dba56895541c434f895e158f70b)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:04 +00:00
..
coreutils-6.9 coreutils 6.9: fix coreutils.texi 2013-11-27 11:51:22 +00:00
coreutils-8.22 coreutils: Fix CVE-2014-9471 2015-02-11 17:40:04 +00:00
coreutils_6.9.bb Add texinfo.bbclass; recipes that use texinfo utils at build-time inherit it. 2014-05-02 20:46:59 +01:00
coreutils_8.22.bb coreutils: Fix CVE-2014-9471 2015-02-11 17:40:04 +00:00