Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 17 Feb 2015 22:47:14 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request - bitbake

* Maxin John:

> Executing "bitbake -g -u depexp <package>" when DISPLAY is not
> properly set causes segfault and a denial of service (through OOM) via
> a crafted script.
>
> Bug Report URL:
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7299

I'm not sure if this is a security vulnerability in Bitbake.  It's a
build tool, right?  If the build jobs are not constraint externally,
the build commands could cause resource exhaustion in their own right,
I think.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ