[yocto] CVE-2014-6271: remote code execution through bash

Sona Sarmadi sona.sarmadi at enea.com
Thu Sep 25 01:22:24 PDT 2014


Security bug in bash:

http://seclists.org/oss-sec/2014/q3/649

/Sona

> -----Original Message-----
> From: Burton, Ross [mailto:ross.burton at intel.com]
> Sent: 24 September 2014 22:59
> To: Sona Sarmadi
> Cc: Jolley, Stephen K; yocto at yoctoproject.org
> Subject: Re: [yocto] Minutes: Yocto Project Technical Team Meeting -
> Tuesday, September 9, 2014 8:00 AM US Pacific Time
> 
> On 24 September 2014 12:44, Sona Sarmadi <sona.sarmadi at enea.com>
> wrote:
> >> As well as security fixes for the kernel, do you also cover security
> >> fixes for the userspace (i.e. everything else in oe-core)?  Help
> >> keeping the rest of the system safe, and relevant fixes backported to
> >> the stable releases, is always welcome.
> >
> > Yes, we monitor oss-security public mailing list, as soon as a new vulnerability
> > (CVE) in the Linux kernel or userspace is announced in that list, we try to
> > catch them and backport all which are relevant. We look for other sources as
> > well but oss-security (oss-security at lists.openwall.com) is a good
> > source/mailing list/ to detect vulnerabilities in open source products (kernel
> > & userspace).
> 
> 
> Well this is convenient timing...  I'm sure you've noticed the CVE in bash, will
> your team be able to submit patches for the releases we are supporting (1.4
> onwards)?
> 
> Ross

