>>>>> "Yann" == Yann E MORIN <[email protected]> writes:
> Ben, All, > On 2024-05-06 12:24 +0200, Ben Hutchings via buildroot spake thusly: >> On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote: >> > Buildroot is a Linux distribution and system builder for embedded >> > systems. Starting in Buildroot 2011.08, its default /etc/fstab >> > included an entry for /dev/shm with incorrect permissons (sticky bit >> > not set). (CWE-276) >> > >> > Buildroot 2017.08 removed this entry for systems using systemd, and it >> > has never been included for systems using OpenRC. So this only >> > affects Buildroot-built systems that use sysvinit, and some older >> > systems that use systemd. >> [...] >> >> This has been assigned CVE-2024-34455. > Thanks for th efeedback. The fix has already been committed, with commit > 0b2967e158 (package/skeleton-init-sysv: Set sticky bit on /dev/shm) that > I applied on 2024-04-11. And it is included in the recently released 2024.02.2 rlease: https://lore.kernel.org/buildroot/[email protected]/T/#u -- Bye, Peter Korsgaard
