qemu: fix CVE-2024-4467 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-08-21 09:01:03 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-09-03 05:39:12 -0700
commit	8c533e92423a77efe3b5d1419ec69723d7e23146 (patch)
tree	853bddcc5cfbaecfcbfb45a71eddcdca7f5758d6 /meta/recipes-devtools/python/python3-wcwidth
parent	c5627ab06fc07221237b9a7059ac378ea80578f8 (diff)
download	poky-8c533e92423a77efe3b5d1419ec69723d7e23146.tar.gz

qemu: fix CVE-2024-4467

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4467 Upstream Patches: https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1 https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5 https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6 https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205 https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613 (From OE-Core rev: 0e309919b8807950cebc8924fc1e15763548b1f1) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3-wcwidth')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: