From ad13ebb1a522389441b526ddf11301761e7c3938 Mon Sep 17 00:00:00 2001
From: Adrian Dudau <adrian.dudau@enea.com>
Date: Thu, 3 Nov 2016 14:18:00 +0100
Subject: qemu: Security fix CVE-2016-4439

affects qemu < 2.7.0

Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation
support is vulnerable to an OOB write access issue. The controller uses
16-byte FIFO buffer for command and data transfer. The OOB write occurs
while writing to this command buffer in routine get_cmd().

A privileged user inside guest could use this flaw to crash the Qemu
process resulting in DoS.

References:
----------
http://www.openwall.com/lists/oss-security/2016/05/19/4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4441

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 meta/recipes-devtools/qemu/qemu_2.5.0.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-devtools/qemu/qemu_2.5.0.bb')

diff --git a/meta/recipes-devtools/qemu/qemu_2.5.0.bb b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
index ed8d911ea6..58902b1988 100644
--- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -26,6 +26,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
             file://CVE-2016-6351_p2.patch \
             file://CVE-2016-4002.patch \
             file://CVE-2016-5403.patch \
+            file://CVE-2016-4441.patch \
            "
 SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
 SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"
-- 
cgit v1.2.3-54-g00ecf