| Message ID | 20260227120323.333696-3-skandigraun@gmail.com |
|---|---|
| State | New |
| Series | [meta-webserver,kirkstone,1/5] webmin: patch CVE-2025-67738 |
diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb index 984264a30f..713d7d95f3 100644 --- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb +++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb @@ -5,4 +5,5 @@ SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193b CVE_CHECK_IGNORE += "\ CVE-2016-4049 \ + CVE-2021-44038 \ "
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44038

The main point of the vulnerability is that the application comes with its own systemd unit files, which execute chmod and chown commands upon start on some files. So when the services are restarted (e.g. after an update), these unit files can be tricked to change the permissions on a malicious file.

However OE does not use these unit files - the recipe comes with its own custom unit files, and chown/chmod isn't used at all.

Due to this, ignore this vulnerability.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb | 1 +
 1 file changed, 1 insertion(+)
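Review bot: The added `CVE-2021-44038` entry in `CVE_CHECK_IGNORE` has no comment in the recipe, so the reason for ignoring it (OE ships its own unit files and does not run chmod/chown) is recorded only in the commit message. Consider putting a one-line comment above the assignment, or giving this CVE its own `CVE_CHECK_IGNORE +=` line with a comment, so that anyone who later changes which unit files the recipe installs sees that this ignore depends on them.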