]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 687cfed) | patch
qemu: security patch for CVE-2014-3471
authorDaniel BORNAZ <daniel.bornaz@enea.com>
Thu, 17 Jul 2014 12:24:11 +0000 (14:24 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 18 Jul 2014 23:08:50 +0000 (00:08 +0100)
commita84e1749b489cee5ea219799c35e29b6edead30f
treec3b5b5d2d04afd7a4bbe3626e499639ff275b654tree | snapshot
parent687cfed641e6ce3d7e2de7e7b8ed55e0324743a6commit | diff
qemu: security patch for CVE-2014-3471

Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could
occur via guest, when it tries to hotplug/hotunplug devices on the
guest.

A user able to add & delete Virtio block devices on a guest could use
this flaw to crash the Qemu instance resulting in DoS.

Originated-by: Marcel Apfelbaum <address@hidden>
Updated the qemu recipe to include the security patch.

Upstream-Status: Submitted

Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/qemu/files/pcie_better_hotplug_support.patch [new file with mode: 0644] blob
meta/recipes-devtools/qemu/qemu_2.0.0.bb diff | blob | history
Mirror of the official openembedded-core repository