openembedded-core.git/meta/recipes-devtools/qemu, branch fido Mirror of openembedded-core qemu: Security fix CVE-2016-2198 2016-02-29T15:05:16+00:00 Armin Kuster akuster@mvista.com 2016-02-10T16:14:19+00:00 082031bdd4b5c5d4acea816c95d94a731b7855c2 CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> 
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write

(From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
qemu: Security fix CVE-2015-7295 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:55+00:00 3a7c84952d40f95b0f34bc35eef4490ecc8da07e CVE-2015-7295 Qemu: net: virtio-net possible remote DoS (From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS

(From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2016-1568 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:54+00:00 c2361dd9bb663b00dd194cb7fdb0e07d7e1ab5e1 CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands (From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands

(From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-8345 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:53+00:00 e51fc319b859f44be61822d93e0b72647a02f7c6 CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list (From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list

(From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-7512 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:52+00:00 90d2a8eb0853f506a457e9935f4354c71d2fc9c9 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod (From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod

(From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-7504 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:51+00:00 10752d6beb5520ec0fc83a7d0173e10144b11685 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode (From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode

(From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: Security fix CVE-2015-8504 2016-02-07T17:20:58+00:00 Armin Kuster akuster@mvista.com 2016-02-06T23:14:50+00:00 38f102a9271896a49aa32aacf2c2be3a14f51493 CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception (From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception

(From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu: fix CVE-2015-3209 2015-09-01T11:36:15+00:00 Kai Kang kai.kang@windriver.com 2015-07-07T09:43:02+00:00 d8d68c4a630dc9d802e159f0ffe768e52bea5401 Backport patch to fix CVE-2015-3209. http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594 (From OE-Core master rev: ea85f36ad438353f5a8e64292dd27f457f1f665c) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> 
Backport patch to fix CVE-2015-3209.

http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594

(From OE-Core master rev: ea85f36ad438353f5a8e64292dd27f457f1f665c)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
qemu: backport patches to fix CVE issues 2015-09-01T11:36:15+00:00 Kai Kang kai.kang@windriver.com 2015-06-18T09:02:42+00:00 29746e78ca000f4464c8e0a1da55c77e02c651e4 Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106. These patches are from debian, but they are originally from: http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1 (From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Refresh the following patches to apply cleanly to our qemu-2.2.0: 07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch 10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> 
Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and
CVE-2015-4106. These patches are from debian, but they are originally
from:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1

(From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Refresh the following patches to apply cleanly to our qemu-2.2.0:
07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch
10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch

Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
qemu: fix CVE-2015-3456 2015-06-28T08:41:57+00:00 Kai Kang kai.kang@windriver.com 2015-05-26T07:14:43+00:00 eec51579ee7a99e3ac2527ecb6ee57b494a7992f Backport patch to fix qemuc CVE issue CVE-2015-3456. Refs: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456 http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c (From OE-Core rev: 1d9e6ef173bea8181fabc6abf0dbb53990b15fd8) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> 
Backport patch to fix qemuc CVE issue CVE-2015-3456.

Refs:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456
http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c

(From OE-Core rev: 1d9e6ef173bea8181fabc6abf0dbb53990b15fd8)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>