Detecting and Fixing CVE Security Issues in Yocto-Based Embedded Linux Distributions - Mikko Rapeli
Yocto Project via YouTube
Overview
Syllabus
Intro
Motivation
poky reference distribution
Layered architecture
Differences between Debian/Ubuntu and yocto?
Bitbake recipe is the source package
What is a CVE security issue?
CVE data fields
Example CVE
CPE: Common Platform Enumeration
CVE data is buggy
Linux distro users?
What yocto CVE check does?
CVE check output for busybox
Yocto community maintenance
Update or patch?
Update minor version
Full distro version updates
Problems and limitations in yocto CVE scanning and patching, and CVE scanning in general
Fix name matching with CVE_PRODUCT
Fix version matching with CVE_VERSION
Embedded source code in open source
Embedded open source SW inside binaries
Bad CVE data
Incomplete CVE data
Too complex patches
Taught by
Yocto Project