[Buildroot] [PATCH] qemu: security bump to version 2.10.2
Peter Korsgaard
peter at korsgaard.com
Wed Dec 20 20:22:48 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
> emulator support, allows local guest OS privileged users to cause a denial
> of service (out-of-bounds read and QEMU process crash) via vectors involving
> display update.
> CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
> export name
> CVE-2017-15119: DoS via large option request
> CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
> memory leak by triggering slow data-channel read operations, related to
> io/channel-websock.c.
> For more details, see the release announcement:
> https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list