rpms/kvm/F-9 kvm-cirrus-cve-2008-4539.patch, NONE, 1.1 kvm.spec, 1.61, 1.62
Glauber Costa
glommer at fedoraproject.org
Tue Nov 11 15:50:17 UTC 2008
Author: glommer
Update of /cvs/pkgs/rpms/kvm/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23955
Modified Files:
kvm.spec
Added Files:
kvm-cirrus-cve-2008-4539.patch
Log Message:
- Fix CVE-2008-4539 #448525
kvm-cirrus-cve-2008-4539.patch:
--- NEW FILE kvm-cirrus-cve-2008-4539.patch ---
commit 8af1b920763da9802902603a17da9d5db1307b8d
Author: aurel32 <aurel32>
Date: Sat Nov 1 00:53:39 2008 +0000
CVE-2008-4539: fix a heap overflow in Cirrus emulation
The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
(noticed by Jan Niehusmann)
Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
diff --git a/qemu/hw/cirrus_vga.c b/qemu/hw/cirrus_vga.c
index 55f3ced..af9c9e6 100644
--- a/qemu/hw/cirrus_vga.c
+++ b/qemu/hw/cirrus_vga.c
@@ -785,15 +785,14 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
+ if (BLTUNSAFE(s))
+ return 0;
+
if (s->ds->dpy_copy) {
cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr,
s->cirrus_blt_srcaddr - s->start_addr,
s->cirrus_blt_width, s->cirrus_blt_height);
} else {
-
- if (BLTUNSAFE(s))
- return 0;
-
(*s->cirrus_rop) (s, s->vram_ptr +
(s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
s->vram_ptr +
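Review bot: the relocated `if (BLTUNSAFE(s)) return 0;` at the top of cirrus_bitblt_videotovideo_copy carries no comment saying it must guard both the `s->ds->dpy_copy` branch and the `cirrus_rop` branch. The commit message says the earlier fix was misapplied after the file changed, so a one-line comment above the check would help keep a later refactor from pushing it back into the else branch. It is also worth confirming that the macro's bounds cover what the copy path uses: that path passes `s->cirrus_blt_dstaddr - s->start_addr` to cirrus_do_copy while the rop path masks with `s->cirrus_addr_mask`, and the macro body is not visible in this hunk.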
Index: kvm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kvm/F-9/kvm.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- kvm.spec 13 Oct 2008 16:45:32 -0000 1.61
+++ kvm.spec 11 Nov 2008 15:49:47 -0000 1.62
@@ -1,7 +1,7 @@
Summary: Kernel-based Virtual Machine
Name: kvm
Version: 65
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2+ and LGPLv2+
Group: Development/Tools
URL: http://%{name}.sf.net
@@ -19,6 +19,7 @@
Patch9: %{name}-acpi-do-not-wrap.patch
Patch10: %{name}-acpi-do-not-ovflw.patch
Patch11: %{name}-sysenter32.patch
+Patch12: %{name}-cirrus-cve-2008-4539.patch
# patches from upstream qemu
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL-devel
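Review bot: `Patch12` is added above the `# patches from upstream qemu` comment, yet the patch file carries an upstream commit header (commit 8af1b920763da9802902603a17da9d5db1307b8d, Author aurel32), so it reads as belonging under that comment. Consider moving the line below it, or adding a short comment naming the CVE next to `Patch12` so the origin is clear from the spec alone.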
@@ -59,6 +60,7 @@
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
%build
# we need to install the data bits in a different path
@@ -113,10 +115,12 @@
%{_sysconfdir}/sysconfig/modules/%{name}.modules
%changelog
+* Tue Nov 11 2008 Glauber Costa <gcosta at redhat.com> - 65-11.fc9
+- Fix CVE-2008-4539 #448525
+
* Mon Oct 13 2008 Glauber Costa <gcosta at redhat.com> - 65-10.fc9
- Fix sysenter save in 64-bit hosts #457649
-%changelog
* Thu Aug 28 2008 Glauber Costa <gcosta at redhat.com> - 65-9.fc9
- there's already a 65-8 tag
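Review bot: the `-%changelog` line removed between the 65-10 and 65-9 entries is a separate cleanup of a duplicate section header that the log message does not mention; it deserves a word in the commit log. The new entry `- Fix CVE-2008-4539 #448525` could also name the component (the Cirrus emulation heap overflow) so the changelog is readable without looking up the CVE.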