KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv3/package/utils/busybox/patches
History
John Crispin 7c0a2bc930 busybox: backport cve-2017-16544 fix 
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
..
001-resource_h_include.patch busybox: update to version 1.25.0 2016-09-20 22:37:02 +02:00
100-trylink_bash.patch busybox: update to 1.22.1 2014-05-25 17:42:09 +00:00
101-gen_build_files_bash.patch busybox: update to 1.22.1 2014-05-25 17:42:09 +00:00
110-no_static_libgcc.patch busybox: update to 1.22.1 2014-05-25 17:42:09 +00:00
130-mconf_missing_sigwinch.patch busybox: update to 1.22.1 2014-05-25 17:42:09 +00:00
200-udhcpc_reduce_msgs.patch busybox: update to 1.27.2 2017-08-30 22:34:41 +02:00
201-udhcpc_changed_ifindex.patch busybox: update to 1.27.2 2017-08-30 22:34:41 +02:00
203-udhcpc_renew_no_deconfig.patch busybox: update to 1.27.2 2017-08-30 22:34:41 +02:00
210-add_netmsg_util.patch busybox: convert netmsg and lock applet to "new style" applet definition 2017-01-29 14:09:36 +01:00
220-add_lock_util.patch busybox: convert netmsg and lock applet to "new style" applet definition 2017-01-29 14:09:36 +01:00
230-add_nslookup_lede.patch merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch 2017-12-08 19:41:18 +01:00
240-telnetd_intr.patch busybox: update to 1.26.2 2017-01-29 14:09:38 +01:00
250-date-k-flag.patch busybox: update to 1.26.2 2017-01-29 14:09:38 +01:00
270-libbb_make_unicode_printable.patch busybox: update to version 1.24.1 2015-10-30 15:18:17 +00:00
301-ip-link-fix-netlink-msg-size.patch busybox: update to 1.27.2 2017-08-30 22:34:41 +02:00
500-move-traceroute-applets-to-bin.patch busybox: move traceroute applets to /bin 2017-08-30 18:12:48 +02:00
510-move-passwd-applet-to-bin.patch busybox: move passwd applet to /bin 2017-08-30 18:12:48 +02:00
600-cve-2017-16544.patch busybox: backport cve-2017-16544 fix 2018-01-02 07:14:08 +01:00