Vijay Anusuri d0429def9e qemu: Backport fix for CVE-2024-4467 ...

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467

Upstream commits:
bd385a5298
2eb42a728d
7e1110664e
8393078032
7ead946998

(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2024-09-16 06:09:56 -07:00

..

qemu

qemu: Backport fix for CVE-2024-4467

2024-09-16 06:09:56 -07:00

qemu-helper

qemu-helper-native: Correctly pass program name as argv[0]

2022-12-01 19:35:05 +00:00

nativesdk-qemu-helper_1.0.bb

meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers

2022-02-20 16:45:25 +00:00

qemu_6.2.0.bb

qemu: Fix slirp determinism issue

2022-07-25 15:11:45 +01:00

qemu-helper-native_1.0.bb

qemu-helper-native: Re-write bridge helper as C program

2022-12-01 19:35:05 +00:00

qemu-native_6.2.0.bb

qemu: Upgrade 6.1.0 -> 6.2.0

2021-12-20 15:29:01 +00:00

qemu-native.inc

qemu: replace a gtk wrapper with directly setting environment from runqemu

2022-02-07 10:08:59 +00:00

qemu-system-native_6.2.0.bb

qemu: Fix slirp determinism issue

2022-07-25 15:11:45 +01:00

qemu-targets.inc

qemu: Enable ppc64le support for qemu-usermode

2020-01-22 15:56:14 +00:00

qemu.inc

qemu: Backport fix for CVE-2024-4467

2024-09-16 06:09:56 -07:00

qemuwrapper-cross_1.0.bb

sstatesig: Add processing for full build paths in sysroot files

2021-10-04 15:03:53 +01:00