]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f03efce) | patch
squashfs: fix CVE-2012-4025
authoryanjun.zhu <yanjun.zhu@windriver.com>
Tue, 11 Dec 2012 10:00:32 +0000 (18:00 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 14 Feb 2013 15:17:16 +0000 (15:17 +0000)
commit4493173c1ab7a0528e0c74935a105e474521ed1c
tree350919f596ab7653177151b91986652b8ac9ca40tree | snapshot
parentf03efceb8a529df944592ff9031639f4e2f7a97dcommit | diff
squashfs: fix CVE-2012-4025

CQID:WIND00366813

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e

Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta/recipes-devtools/squashfs-tools/patches/squashfs-4.2-fix-CVE-2012-4025.patch [new file with mode: 0644] blob
meta/recipes-devtools/squashfs-tools/patches/squashfs-add-a-commment-and-fix-some-other-comments.patch [new file with mode: 0644] blob
meta/recipes-devtools/squashfs-tools/patches/squashfs-fix-open-file-limit.patch [new file with mode: 0644] blob
meta/recipes-devtools/squashfs-tools/squashfs-tools_4.2.bb diff | blob | history
Mirror of the official openembedded-core repository