python: Fix CVE-2014-1912

A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.

This back-ported patch fixes CVE-2014-1912

(From OE-Core rev: 344049ccfa59ae489c35fe0fb7592f7d34720b51)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
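
A way to confirm that a built interpreter carries the fix described above, as an added example that is not part of this commit or of OE-Core. It assumes the fix rejects an oversized `nbytes` with `ValueError` before any receive call, as upstream CPython does; the function name is hypothetical.

```python
import socket
import sys


def recvfrom_into_is_bounds_checked():
    """Return True if recvfrom_into() rejects nbytes > len(buffer).

    Assumption: a fixed interpreter raises ValueError before touching the
    socket, as upstream CPython does.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Non-blocking, unbound and with no peer: no datagram can arrive,
        # so an interpreter without the check fails with EAGAIN instead of
        # copying data past the end of the buffer.
        sock.setblocking(False)
        buf = bytearray(8)
        try:
            sock.recvfrom_into(buf, len(buf) + 1)
        except ValueError:
            # The length check ran before the receive call.
            return True
        except socket.error:
            # The request reached the OS, so no length check was made.
            return False
        # Nothing can be received here; treat any other outcome as unfixed.
        return False
    finally:
        sock.close()


if __name__ == "__main__":
    ok = recvfrom_into_is_bounds_checked()
    print("recvfrom_into bounds check present: %s" % ok)
    sys.exit(0 if ok else 1)
```

Run with the target image's own `python` binary; a non-zero exit status means the length check is missing.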
This commit is contained in:
Maxin B. John
2014-04-07 17:48:11 +02:00
committed by Richard Purdie
parent 398a971f92
commit e34ad1e27b
2 changed files with 27 additions and 0 deletions

@@ -35,6 +35,7 @@ SRC_URI += "\
file://parallel-makeinst-create-bindir.patch \
file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
file://python-fix-build-error-with-Readline-6.3.patch \
file://python-2.7.3-CVE-2014-1912.patch \
"
S = "${WORKDIR}/Python-${PV}"
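
Review bot: the added SRC_URI entry file://python-2.7.3-CVE-2014-1912.patch carries a hard-coded 2.7.3 in its name while the recipe unpacks to Python-${PV}, and the commit message calls it a back-port without naming the upstream change. Suggest confirming the patch applies to the version PV resolves to, and recording the upstream changeset together with an Upstream-Status: Backport line in the patch header so the origin of the fix can be audited later. The patch file itself (the second changed file) is not shown in this hunk, so its header cannot be checked from here.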