[OE-core] [PATCH RFC CFH][sumo 40/47] procps: whitelist CVE-2018-1121

Wed, 06 Nov 2019 08:47:41 -0800 

From: Ross Burton <[email protected]>

This CVE is about race conditions in 'ps' which make it unsuitable for security
audits.  As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.

(From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)

Signed-off-by: Ross Burton <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>

Conflicts:
        meta/recipes-extended/procps/procps_3.3.15.bb
---
 meta/recipes-extended/procps/procps_3.3.12.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb 
b/meta/recipes-extended/procps/procps_3.3.12.bb
index 6e15b0a..d4ebaf9 100644
--- a/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -64,3 +64,6 @@ python __anonymous() {
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % 
(d.getVar('base_sbindir'), prog))
 }
 
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
-- 
1.9.1

-- 
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to