qemu: Security fix CVE-2016-4952

affects qemu < 2.7.0 Quick Emulator(Qemu) built with the VMWARE PVSCSI paravirtual SCSI bus emulation support is vulnerable to an OOB r/w access issue. It could occur while processing SCSI commands 'PVSCSI_CMD_SETUP_RINGS' or 'PVSCSI_CMD_SETUP_MSG_RING'. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. References: ---------- http://www.openwall.com/lists/oss-security/2016/05/23/1 (From OE-Core rev: 3d6b4fd6bc4338b139ebcaf51b67c56cc97ba2ed) Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Adrian Dudau <adrian.dudau@enea.com> 2016-11-03 14:18:01 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18 13:14:20 +0100
commit: 047e58b4ba57baf68d07d99a9a0eb3d7d1cab784 (patch)
tree: dbe437a97cf0957d9aef739eb40f4e4014059e2e /meta/recipes-devtools/qemu/qemu_2.5.0.bb
parent: 485e244db8cc7d2c421e60a1ad3a2415a30852ee (diff)
download: poky-047e58b4ba57baf68d07d99a9a0eb3d7d1cab784.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu_2.5.0.bb b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
index 58902b1988..b965f6916c 100644
--- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -27,6 +27,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
            file://CVE-2016-4002.patch \
            file://CVE-2016-5403.patch \
            file://CVE-2016-4441.patch \
+            file://CVE-2016-4952.patch \
           "
 SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
 SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"
author	Adrian Dudau <adrian.dudau@enea.com>	2016-11-03 14:18:01 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-05-18 13:14:20 +0100
commit	047e58b4ba57baf68d07d99a9a0eb3d7d1cab784 (patch)
tree	dbe437a97cf0957d9aef739eb40f4e4014059e2e /meta/recipes-devtools/qemu/qemu_2.5.0.bb
parent	485e244db8cc7d2c421e60a1ad3a2415a30852ee (diff)
download	poky-047e58b4ba57baf68d07d99a9a0eb3d7d1cab784.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu_2.5.0.bb b/meta/recipes-devtools/qemu/qemu_2.5.0.bb index 58902b1988..b965f6916c 100644 --- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb +++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -27,6 +27,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
27	file://CVE-2016-4002.patch \	27	file://CVE-2016-4002.patch \
28	file://CVE-2016-5403.patch \	28	file://CVE-2016-5403.patch \
29	file://CVE-2016-4441.patch \	29	file://CVE-2016-4441.patch \
		30	file://CVE-2016-4952.patch \
30	"	31	"
31	SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"	32	SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
32	SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"	33	SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"