Age | Commit message (Collapse) | Author |
|
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
(From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS
(From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
(From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
(From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod
(From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode
(From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception
(From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2015-3209.
http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594
(From OE-Core master rev: ea85f36ad438353f5a8e64292dd27f457f1f665c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and
CVE-2015-4106. These patches are from debian, but they are originally
from:
http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1
(From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Refresh the following patches to apply cleanly to our qemu-2.2.0:
07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch
10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Backport patch to fix qemuc CVE issue CVE-2015-3456.
Refs:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456
http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c
(From OE-Core rev: 1d9e6ef173bea8181fabc6abf0dbb53990b15fd8)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Without this patch, x86_64 images would show invalid EDSCA key errors
with sshd from openssh (but not dropbear) during init.
This would cause problems with operation with some distros where EDSCA
keys were mandatory. The issue was present in qemu 2.2.1 and not in
2.3.0-rc0, bisected to this commit which was then backported. This fixes
intermittent failures on the autobuilder. Issue is not present when
using KVM (consistent with a fault in TCG).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade qemu from version 2.1.2 to 2.2.0.
Update Qemu-Arm-versatilepb-Add-memory-size-checking.patch for new
version qemu.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|