Issue #1251
closedGraphicBuffer overflow vulnerability - CVE-2015-1474
100%
Description
I've checked, that Replicant is vulnerable to the GraphicBuffer overflow (bug: 18076253), registered as CVE-2015-1474.
More informations: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1474
Solution/Patch
Android diff: https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091
Files
Updated by My Self over 9 years ago
The patch is provided to the mailing list, now: http://lists.osuosl.org/pipermail/replicant/Week-of-Mon-20150330/000666.html
Updated by My Self about 9 years ago
- File CVE-2015-1474.patch added
I decided to attach the patch listed above, (and tested with the current Replicant 4.2 sources) on this ticket.
After flashing the patched Replicant, I've tested my productive device several months without any misbehavior.
@everyone: please review the patch and apply it if you like.
Updated by My Self about 9 years ago
- File CVE-2015-1474.patch CVE-2015-1474.patch added
Updated by Paul Kocialkowski about 9 years ago
- Status changed from New to Closed
- Resolution set to fixed
Merged, thanks a lot!