qemu: Security fix CVE-2016-4439

affects qemu < 2.7.0 Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation support is vulnerable to an OOB write access issue. The controller uses 16-byte FIFO buffer for command and data transfer. The OOB write occurs while writing to this command buffer in routine get_cmd(). A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. References: ---------- http://www.openwall.com/lists/oss-security/2016/05/19/4 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4441 (From OE-Core rev: 1bc071172236ea020cac9db96e33de81950a15ff) Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Adrian Dudau <adrian.dudau@enea.com> 2016-11-03 14:18:00 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18 13:14:20 +0100
commit: 485e244db8cc7d2c421e60a1ad3a2415a30852ee (patch)
tree: 22dfc5fe92e8c92fc8e3272ee82ae80ae019d966 /meta/recipes-devtools/qemu/qemu_2.5.0.bb
parent: e8676b4f1a1ccb95597348b0fd42405dd679f02e (diff)
download: poky-485e244db8cc7d2c421e60a1ad3a2415a30852ee.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu_2.5.0.bb b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
index ed8d911ea6..58902b1988 100644
--- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -26,6 +26,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
            file://CVE-2016-6351_p2.patch \
            file://CVE-2016-4002.patch \
            file://CVE-2016-5403.patch \
+            file://CVE-2016-4441.patch \
           "
 SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
 SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"
author	Adrian Dudau <adrian.dudau@enea.com>	2016-11-03 14:18:00 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-05-18 13:14:20 +0100
commit	485e244db8cc7d2c421e60a1ad3a2415a30852ee (patch)
tree	22dfc5fe92e8c92fc8e3272ee82ae80ae019d966 /meta/recipes-devtools/qemu/qemu_2.5.0.bb
parent	e8676b4f1a1ccb95597348b0fd42405dd679f02e (diff)
download	poky-485e244db8cc7d2c421e60a1ad3a2415a30852ee.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu_2.5.0.bb b/meta/recipes-devtools/qemu/qemu_2.5.0.bb index ed8d911ea6..58902b1988 100644 --- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb +++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -26,6 +26,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
26	file://CVE-2016-6351_p2.patch \	26	file://CVE-2016-6351_p2.patch \
27	file://CVE-2016-4002.patch \	27	file://CVE-2016-4002.patch \
28	file://CVE-2016-5403.patch \	28	file://CVE-2016-5403.patch \
		29	file://CVE-2016-4441.patch \
29	"	30	"
30	SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"	31	SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
31	SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"	32	SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"