[RFC,CFH,sumo,40/47] procps: whitelist CVE-2018-1121

Message ID 340de0c1062a72149b6b3b399215bafa61a52562.1573047195.git.mikko.rapeli@bmw.de
State New
Series
  • Untitled series #24753

Commit Message

Mikko Rapeli Nov. 6, 2019, 3:37 p.m.
From: Ross Burton <ross.burton@intel.com>


This CVE is about race conditions in 'ps' which make it unsuitable for security
audits.  As these race conditions are unavoidable, ps shouldn't be used for
security auditing, so this isn't a valid CVE.

(From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)

Signed-off-by: Ross Burton <ross.burton@intel.com>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>


Conflicts:
	meta/recipes-extended/procps/procps_3.3.15.bb
---
 meta/recipes-extended/procps/procps_3.3.12.bb | 3 +++
 1 file changed, 3 insertions(+)

-- 
1.9.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Patch

diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb b/meta/recipes-extended/procps/procps_3.3.12.bb
index 6e15b0a..d4ebaf9 100644
--- a/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -64,3 +64,6 @@  python __anonymous() {
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
 }
 
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
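
Review bot: The comment above the CVE_CHECK_WHITELIST line gives only the conclusion ("'ps' isn't suitable for use as a security tool") and leaves the reasoning to the Bugzilla link. The commit message has the actual justification, that the CVE concerns race conditions in ps that are unavoidable, and one line of that belongs in the recipe comment so the entry can be audited without following the URL. The entry is also added to the versioned file procps_3.3.12.bb, so it has to be carried forward by hand when the recipe version changes. Since the hunk only suppresses the CVE check finding and changes nothing in ps itself, the comment should say that the behaviour is still present in the shipped binary and that ps output must not be relied on for security auditing.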