Syntax: Plain text | Will vanish in: | Raw data
HEAD is now at e8936e9a Revert "nagios-plugins: fix CVE-2023-37154"
martin@jama /OE/layers/meta-virtualization $ git am /home/messages/meta-virt/cur/1733934759.2224280_1.jama\:2\,S
1733934759.2224280_1.jama:2,S
martin@jama /OE/layers/meta-virtualization $ git am /home/messages/meta-virt/cur/1733934759.2224280_1.jama\:2\,S
Applying: nagios-plugins: fix CVE-2023-37154
.git/rebase-apply/patch:33: space before tab in indent.
[path and arguments for invoking 'who'])
.git/rebase-apply/patch:35: trailing whitespace.
.git/rebase-apply/patch:47: space before tab in indent.
[AS_HELP_STRING([--with-ipv6], [support IPv6 @<:@default=check@:>@])],
.git/rebase-apply/patch:48: space before tab in indent.
[], [with_ipv6=check])
.git/rebase-apply/patch:55: trailing whitespace.
warning: squelched 9 whitespace errors
warning: 14 lines add whitespace errors.
martin@jama /OE/layers/meta-virtualization $ git show -1 --stat
commit 9df3006ae7595bf90118e1569a1025b071907532 (HEAD)
Author: Changqing Li <changqing.li@windriver.com>
Date: Thu Nov 28 11:07:17 2024 +0800
nagios-plugins: fix CVE-2023-37154
CVE-2023-37154:
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution
via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has
been categorized both as fixed in e8810de, and as intended behavior.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2023-37154
Signed-off-by: Changqing Li <changqing.li@windriver.com>
recipes-extended/nagios/nagios-plugins/CVE-2023-37154.patch | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
recipes-extended/nagios/nagios-plugins_2.2.1.bb | 1 +
2 files changed, 70 insertions(+)