mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

keepalived: patch CVE-2021-44225

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44225

Pick patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-10-27 15:15:57 +01:00
parent 16071ef98f
commit 0d9619b1bc
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-daemons/keepalived/keepalived/CVE-2021-44225.patch
+41
View File
@@ -0,0 +1,41 @@
From 585788ee03bfe204a2a796a5f096a499a02c65db Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Tue, 23 Nov 2021 06:50:59 +0100
Subject: [PATCH] dbus: fix policy to not be overly broad
The DBus policy did not restrict the message destination, allowing any
user to inspect and manipulate any property.
CVE: CVE-2021-44225
Upstream-Status: Backport [https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d]
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
---
keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
index 2b78a57..b5ced60 100644
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
@@ -3,12 +3,15 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
- <allow own="org.keepalived.Vrrp1"/>
- <allow send_destination="org.keepalived.Vrrp1"/>
+ <allow own="org.keepalived.Vrrp1" />
+ <allow send_destination="org.keepalived.Vrrp1" />
</policy>
<policy context="default">
- <allow send_interface="org.freedesktop.DBus.Introspectable" />
- <allow send_interface="org.freedesktop.DBus.Peer" />
- <allow send_interface="org.freedesktop.DBus.Properties" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Introspectable" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Peer" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Properties" />
</policy>
</busconfig>
meta-networking/recipes-daemons/keepalived/keepalived_2.2.2.bb
+1
View File
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \ SRC_URI = "http://www.keepalived.org/software/${BP}.tar.gz \
file://0001-layer4-Change-order-of-include-files.patch \ file://0001-layer4-Change-order-of-include-files.patch \
file://CVE-2021-44225.patch \
" "
SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece" SRC_URI[sha256sum] = "103692bd5345a4ed9f4581632ea636214fdf53e45682e200aab122c4fa674ece"
UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases" UPSTREAM_CHECK_URI = "https://github.com/acassen/keepalived/releases"