rpms/kvm/F-9 kvm-cve-2008-2382.patch,NONE,1.1 kvm.spec,1.64,1.65
Glauber Costa
glommer at fedoraproject.org
Mon Dec 22 17:48:35 UTC 2008
Author: glommer
Update of /cvs/pkgs/rpms/kvm/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12122
Modified Files:
kvm.spec
Added Files:
kvm-cve-2008-2382.patch
Log Message:
- Fixed CVE 2008-2382.
kvm-cve-2008-2382.patch:
--- NEW FILE kvm-cve-2008-2382.patch ---
Fix CORE-2008-1210 VNC DoS
If the client sends us a limit of zero, handle appropriately.
Signed-off-by: Anthony Liguori <aliguori at us.ibm.com>
diff --git a/qemu/vnc.c b/qemu/vnc.c
index 3a7d762..575fd68 100644
--- a/qemu/vnc.c
+++ b/qemu/vnc.c
@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 1)
return 4;
- if (len == 4)
- return 4 + (read_u16(data, 2) * 4);
+ if (len == 4) {
+ limit = read_u16(data, 2);
+ if (limit > 0)
+ return 4 + (limit * 4);
+ } else
+ limit = read_u16(data, 2);
- limit = read_u16(data, 2);
for (i = 0; i < limit; i++) {
int32_t val = read_s32(data, 4 + (i * 4));
memcpy(data + 4 + (i * 4), &val, sizeof(val));
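Review bot: in the new `if (len == 4) { ... } else` block, `limit = read_u16(data, 2);` is now executed in both branches, and a braced `if` is paired with an unbraced `else`. Reading `limit` once before the test and writing `if (len == 4 && limit > 0) return 4 + (limit * 4);` gives the same behaviour with less room for error. A short comment would also help here: with `limit == 0` the old code returned 4, which equals the current `len`, whereas the new code falls through to a `for` loop that runs zero times, and the reader has to work out that this is the intended handling of a zero count.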
Index: kvm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kvm/F-9/kvm.spec,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- kvm.spec 4 Dec 2008 23:40:44 -0000 1.64
+++ kvm.spec 22 Dec 2008 17:48:05 -0000 1.65
@@ -1,7 +1,7 @@
Summary: Kernel-based Virtual Machine
Name: kvm
Version: 65
-Release: 14%{?dist}
+Release: 15%{?dist}
License: GPLv2+ and LGPLv2+
Group: Development/Tools
URL: http://%{name}.sf.net
@@ -22,6 +22,7 @@
Patch12: %{name}-cirrus-cve-2008-4539.patch
Patch13: %{name}-int13.patch
Patch14: %{name}-cirrus-boundary-check.patch
+Patch15: %{name}-cve-2008-2382.patch
# patches from upstream qemu
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL-devel
@@ -65,6 +66,7 @@
%patch12 -p1
%patch13 -p1
%patch14 -p1
+%patch15 -p1
%build
# we need to install the data bits in a different path
@@ -119,6 +121,9 @@
%{_sysconfdir}/sysconfig/modules/%{name}.modules
%changelog
+* Mon Dec 22 2008 Glauber Costa <gcosta at redhat.com> - 65-15.fc9
+- Fixed CVE 2008-2382.
+
* Thu Dec 04 2008 Glauber Costa <gcosta at redhat.com> - 65-14.fc9
- Fixed bug that corrupted gnome-panel #474702
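Review bot: the new `%changelog` entry says only `Fixed CVE 2008-2382.`, which does not tell a packager what was fixed. Use the canonical form `CVE-2008-2382` so that a search for the identifier finds the entry, and name the issue, for example the VNC DoS (CORE-2008-1210) that the patch header describes.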
More information about the fedora-extras-commits
mailing list