qemu: fix CVE-2017-15124 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ross Burton <ross.burton@intel.com>	2018-02-08 22:59:01 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-02-16 18:05:39 +0000
commit	78311acbd37351d1f2562e1eb783bdd1668e4dd3 (patch)
tree	2c2eddddd73fc33cc5e21b2eb6b8de8759395ba4 /meta/recipes-extended/packagegroups
parent	2ae11f4a33794bacb5c32f2abb3fb82f953976f2 (diff)
download	poky-78311acbd37351d1f2562e1eb783bdd1668e4dd3.tar.gz

qemu: fix CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Backport a series of patches from upstream to resolve this. (From OE-Core rev: a93d8ed1bc97595492abfca92d606e20dbdfa617) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/packagegroups')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: