mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-04-02 02:49:12 +00:00
b3c43cc096
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44038 The main point of the vulnerability is that the application comes with its own systemd unit files, which execute chmod and chown commands upon start on some files. So when the services are restarted (e.g. after an update), these unit files can be tricked to change the permissions on a malicious file. However OE does not use these unit files - the recipe comes with its own custom unit files, and chown/chmod isn't used at all. Due to this, ignore this vulnerability. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>