busybox: fix CVE-2022-28391 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-05-10 15:21:48 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-14 20:26:34 +0100
commit	d68406497e71921a2caeaa8419535b30834db936 (patch)
tree	af246b5f3ad5345557aabcfd64e726d52280fbc3 /scripts/opkg-query-helper.py
parent	5daf9735c90906e537155dee74c022831995ca34 (diff)
download	poky-d68406497e71921a2caeaa8419535b30834db936.tar.gz

busybox: fix CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. https://nvd.nist.gov/vuln/detail/CVE-2022-28391 Backported from kirkstone 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4. 2nd patch adjusted to apply on 1.31.1. (From OE-Core rev: 0b9cbcc4ceac3938afd1dd6010ce6d9a3da21598) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/opkg-query-helper.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: