Message ID | 20220826213447.47029-2-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/2] package/v4l2loopback: add V4L2LOOPBACK_CPE_ID_VENDOR | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-2652: Depending on the way the format strings in the card > label are crafted it's possible to leak kernel stack memory. There is > also the possibility for DoS due to the v4l2loopback kernel module > crashing when providing the card label on request (reproduce e.g. with > many %s modifiers in a row). > https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2022.05.x and 2022.02.x, thanks.
diff --git a/package/v4l2loopback/v4l2loopback.hash b/package/v4l2loopback/v4l2loopback.hash index f4491e02d0..d897fd48ff 100644 --- a/package/v4l2loopback/v4l2loopback.hash +++ b/package/v4l2loopback/v4l2loopback.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 e152cd6df6a8add172fb74aca3a9188264823efa5a2317fe960d45880b9406ae v4l2loopback-0.12.5.tar.gz +sha256 e0782b8abe8f2235e2734f725dc1533a0729e674c4b7834921ade43b9f04939b v4l2loopback-0.12.7.tar.gz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/v4l2loopback/v4l2loopback.mk b/package/v4l2loopback/v4l2loopback.mk index 6ee4b69ef9..84e1927ce3 100644 --- a/package/v4l2loopback/v4l2loopback.mk +++ b/package/v4l2loopback/v4l2loopback.mk @@ -4,7 +4,7 @@ # ################################################################################ -V4L2LOOPBACK_VERSION = 0.12.5 +V4L2LOOPBACK_VERSION = 0.12.7 V4L2LOOPBACK_SITE = $(call github,umlaeute,v4l2loopback,v$(V4L2LOOPBACK_VERSION)) V4L2LOOPBACK_LICENSE = GPL-2.0+ V4L2LOOPBACK_LICENSE_FILES = COPYING
Fix CVE-2022-2652: Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). https://github.com/umlaeute/v4l2loopback/blob/v0.12.7/ChangeLog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/v4l2loopback/v4l2loopback.hash | 2 +- package/v4l2loopback/v4l2loopback.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)