qemu: Backport fix for CVE-2024-4467 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Vijay Anusuri <vanusuri@mvista.com>	2024-09-06 14:56:27 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-09-16 06:09:56 -0700
commit	d0429def9e227ef70e97739c33387c88a70b2bde (patch)
tree	d3b912a98d4880e8ecf7d271c5644f66c57d14b7 /meta/recipes-devtools/python/python3/crosspythonpath.patch
parent	bfbf6d481d4d9d21fd624528c8a61ccc64fadc4c (diff)
download	poky-d0429def9e227ef70e97739c33387c88a70b2bde.tar.gz

qemu: Backport fix for CVE-2024-4467

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4467 Upstream commits: https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1 https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5 https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6 https://gitlab.com/qemu-project/qemu/-/commit/83930780325b144a5908c45b3957b9b6457b3831 https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613 (From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3/crosspythonpath.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: