diff options
author | yanjun.zhu <yanjun.zhu@windriver.com> | 2012-12-11 18:00:32 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-01-03 12:34:25 +0000 |
commit | a86e32a18b542c2c3c5ce0faf5b162fc6c2ebd50 (patch) | |
tree | 974bfda48f23773723b23652f1d0edc927aa799d /scripts/combo-layer | |
parent | 156c2554b76cde2d6d9350aaaf9848986201375d (diff) | |
download | poky-a86e32a18b542c2c3c5ce0faf5b162fc6c2ebd50.tar.gz |
squashfs: fix CVE-2012-4025
CQID:WIND00366813
Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
(From OE-Core rev: e6fddd1961061895e9335fa94b636163efdc9caa)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/combo-layer')
0 files changed, 0 insertions, 0 deletions