diff --git a/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
new file mode 100644
index 0000000000..1f8ac4aeb9
--- /dev/null
+++ b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
@@ -0,0 +1,38 @@
+From 5eefb172ef1ab9e46d79c6bae60dbe7983c9f704 Mon Sep 17 00:00:00 2001
+From: "R.E. Wolff"
+Date: Sun, 29 Jun 2025 14:06:00 +0200
+Subject: [PATCH] Added protection against use of MTR_PACKET under special
+ circumstances
+
+CVE: CVE-2025-49809
+Upstream-Status: Backport [https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6]
+Signed-off-by: Gyorgy Sarvari
+---
+ ui/cmdpipe.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
+index d22b236..1a66293 100644
+--- a/ui/cmdpipe.c
++++ b/ui/cmdpipe.c
+@@ -220,10 +220,17 @@ void execute_packet_child(
+ the path to the mtr-packet executable. This is necessary
+ for debugging changes for mtr-packet.
+ */
+- char *mtr_packet_path = getenv("MTR_PACKET");
+- if (mtr_packet_path == NULL) {
++ char * mtr_packet_path = NULL;
++
++ // In the rare case that mtr-packet is not setuid-root,
++ // and a select group of users has sudo privileges to run
++ // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
++ // to prevent a privilege escalation when one of those accounts
++ // is compromised. CVE-2025-49809
++ if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
++ mtr_packet_path = getenv("MTR_PACKET");
++ if (mtr_packet_path == NULL)
+ mtr_packet_path = "mtr-packet";
+- }
+
+ /*
+ First, try to execute mtr-packet from PATH
diff --git a/meta-networking/recipes-support/mtr/mtr_0.95.bb b/meta-networking/recipes-support/mtr/mtr_0.95.bb
index 92f9c4bfc0..8c385ae46a 100644
--- a/meta-networking/recipes-support/mtr/mtr_0.95.bb
+++ b/meta-networking/recipes-support/mtr/mtr_0.95.bb
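Review bot: The new guard in execute_packet_child (ui/cmdpipe.c, inside the added CVE-2025-49809.patch) fails open: `access ("/etc/mtr.is.run.under.sudo", F_OK) != 0` is treated as "marker absent" for every error, so a failure other than a missing file (EACCES or EIO, for instance) still lets `MTR_PACKET` select the binary. Honouring the variable only when the marker is definitely missing would be stricter, e.g. `if (access("/etc/mtr.is.run.under.sudo", F_OK) != 0 && errno == ENOENT)`, assuming `<errno.h>` is already in scope in that file, which the hunk does not show. Since this is a verbatim upstream backport, that change is probably better proposed upstream than carried as a local delta. With the marker present the code still falls back to `"mtr-packet"`, which the trailing comment says is looked up via PATH, so the sudo policy also needs to reset PATH; the function body starts and ends outside the hunk.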
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://ui/mtr.c;beginline=5;endline=16;md5=00a894a39d53726a27386534d1c4e468" SRCREV = "852e5617fbf331cf292723702161f0ac9afe257c" -SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https" +SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https \ + file://CVE-2025-49809.patch \ + " S = "${WORKDIR}/git"
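Review bot: Adding `file://CVE-2025-49809.patch` to SRC_URI does not by itself change behaviour on a built image, because the patched code only ignores `MTR_PACKET` when `/etc/mtr.is.run.under.sudo` exists, and nothing in this recipe change creates that file or mentions it. CVE tooling that keys on the patch's `CVE:` tag will likely report the issue as patched while an image that exposes mtr through sudo behaves as before until the integrator adds the marker. I would document the opt-in above the SRC_URI assignment, e.g. `# CVE-2025-49809.patch is opt-in: create /etc/mtr.is.run.under.sudo on images where mtr is run via sudo`.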