rpms/kvm/F-10 kvm-cve-2008-2382.patch,NONE,1.1 kvm.spec,1.76,1.77
Glauber Costa
glommer at fedoraproject.org
Mon Dec 22 17:43:51 UTC 2008
Author: glommer
Update of /cvs/pkgs/rpms/kvm/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8763
Modified Files:
kvm.spec
Added Files:
kvm-cve-2008-2382.patch
Log Message:
- Fixed CVE 2008-2382.
kvm-cve-2008-2382.patch:
--- NEW FILE kvm-cve-2008-2382.patch ---
Fix CORE-2008-1210 VNC DoS
If the client sends us a limit of zero, handle appropriately.
Signed-off-by: Anthony Liguori <aliguori at us.ibm.com>
diff --git a/qemu/vnc.c b/qemu/vnc.c
index 3a7d762..575fd68 100644
--- a/qemu/vnc.c
+++ b/qemu/vnc.c
@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 1)
return 4;
- if (len == 4)
- return 4 + (read_u16(data, 2) * 4);
+ if (len == 4) {
+ limit = read_u16(data, 2);
+ if (limit > 0)
+ return 4 + (limit * 4);
+ } else
+ limit = read_u16(data, 2);
- limit = read_u16(data, 2);
for (i = 0; i < limit; i++) {
int32_t val = read_s32(data, 4 + (i * 4));
memcpy(data + 4 + (i * 4), &val, sizeof(val));
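Review bot: In the `len == 4` branch the zero-limit case is handled only implicitly, by failing the `if (limit > 0)` test and falling through to the `for` loop below, and `limit = read_u16(data, 2);` is now written twice, once in each arm. Reading the limit once before the test and using `if (len == 4 && limit > 0) return 4 + (limit * 4);` gives the same control flow with a single assignment. A short comment stating what a zero limit from the client means at this point would document why the branch falls through. The `} else` arm is also left unbraced while the `if` arm is braced.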
Index: kvm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kvm/F-10/kvm.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- kvm.spec 4 Dec 2008 23:39:59 -0000 1.76
+++ kvm.spec 22 Dec 2008 17:43:51 -0000 1.77
@@ -1,7 +1,7 @@
Summary: Kernel-based Virtual Machine
Name: kvm
Version: 74
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2+ and LGPLv2+
Group: Development/Tools
URL: http://%{name}.sf.net
@@ -17,6 +17,7 @@
Patch6: %{name}-restore-option-rom.patch
Patch7: %{name}-int13.patch
Patch8: %{name}-cirrus-boundary-check.patch
+Patch9: %{name}-cve-2008-2382.patch
# patches from upstream qemu
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL-devel
@@ -55,6 +56,8 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
+%patch9 -p1
# we must not use any of the binaries from the qemu/pc-bios/ directory,
# as they don't have the corresponding sources shipped with them
rm -f qemu/pc-bios/*
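Review bot: `%patch8 -p1` is added here next to `%patch9 -p1`, so this commit also starts applying Patch8 (`%{name}-cirrus-boundary-check.patch`), which the spec already declared but which has no `%patch8` line in the surrounding %prep context. The log message and the new %changelog entry mention only CVE 2008-2382. Either add a changelog line saying the cirrus boundary check is now applied, or move the `%patch8` line into its own commit.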
@@ -145,6 +148,9 @@
%{_sysconfdir}/sysconfig/modules/%{name}.modules
%changelog
+* Mon Dec 22 2008 Glauber Costa <glommer at redhat.com> - 74-10
+- Fixed CVE 2008-2382.
+
* Thu Dec 04 2008 Glauber Costa <glommer at redhat.com> - 74-9
- Fixed bug that corrupted gnome-panel #474703
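Review bot: The new %changelog entry writes the identifier as `CVE 2008-2382`; the hyphenated form `CVE-2008-2382` is the one people search changelogs for. Suggest `- Fixed CVE-2008-2382 (VNC DoS, CORE-2008-1210).` so the entry also says what was fixed, matching the description in the patch header.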