4b1ddcc39b: core/dhcpcd/.md5sum
2 lines, 55 B, Plaintext
[notify] dhcpcd: update to 6.4.7

includes the following addition:

* Sanitise the following characters using svis(3) with VIS_CSTYLE and VIS_OCTAL:
  | ^ & ; < > ( ) $ ` \ " ' <tab> <newline>

This allows a non-buggy unvis(1) to decode it 100% and stays compatible with how dhcpcd used to handle encoding on most platforms. For systems that supply svis(3) there is a code reduction, for systems that do not, a slight code increase.

This change mitigates systems affected by bash CVE-2014-6271 and CVE-2014-7169.

Obviously the last one is quite important as DHCP/RA is one of the attack vectors for the "shellshock" bug. As dhcpcd cannot know if /bin/sh is vulnerable (and as of now, bash is *still* vulnerable), it sanitises all the important shell characters as noted in IEEE Std 1003.1, 2004 Edition, 2. Shell Command Language, 2.2 Quoting, with the exception of the space character.

Full change log: http://roy.marples.name/archives/dhcpcd-discuss/2014/0811.html
2014-09-27 11:48:05 +02:00
b2289237a5b666a11178a9517c3f1240 dhcpcd-6.4.7.tar.bz2