Synchronization with qemu-kvm-5.2.0-4.el8
- Not required specific SLOF version
This commit is contained in:
Miroslav Rezanina
parent
b5941f2b18
commit
e6d35e8f4a
|
|
@ -0,0 +1,51 @@
|
|||
From 1b118c53c70d9fa4ba3dcdf172039d29335bed73 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 20 Jan 2021 00:13:11 -0500
|
||||
Subject: Drop bogus IPv6 messages
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
Message-id: <20210120001311.1356511-2-jmaloy@redhat.com>
|
||||
Patchwork-id: 100699
|
||||
O-Subject: [RHEL-AV-8.4.0 qemu-kvm PATCH 1/1] Drop bogus IPv6 messages
|
||||
Bugzilla: 1918061
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
From: Ralf Haferkamp <rhafer@suse.com>
|
||||
|
||||
Drop IPv6 message shorter than what's mentioned in the payload
|
||||
length header (+ the size of the IPv6 header). They're invalid an could
|
||||
lead to data leakage in icmp6_send_echoreply().
|
||||
|
||||
(cherry picked from libslirp commit c7ede54cbd2e2b25385325600958ba0124e31cc0)
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
---
|
||||
slirp/src/ip6_input.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/slirp/src/ip6_input.c b/slirp/src/ip6_input.c
|
||||
index a83e4f8e3d..f7ef354ee4 100644
|
||||
--- a/slirp/src/ip6_input.c
|
||||
+++ b/slirp/src/ip6_input.c
|
||||
@@ -56,6 +56,13 @@ void ip6_input(struct mbuf *m)
|
||||
goto bad;
|
||||
}
|
||||
|
||||
+ // Check if the message size is big enough to hold what's
|
||||
+ // set in the payload length header. If not this is an invalid
|
||||
+ // packet
|
||||
+ if (m->m_len < ntohs(ip6->ip_pl) + sizeof(struct ip6)) {
|
||||
+ goto bad;
|
||||
+ }
|
||||
+
|
||||
/* check ip_ttl for a correct ICMP reply */
|
||||
if (ip6->ip_hl == 0) {
|
||||
icmp6_send_error(m, ICMP6_TIMXCEED, ICMP6_TIMXCEED_INTRANS);
|
||||
--
|
||||
2.18.4
|
||||
|
||||
|
|
@ -64,7 +64,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
|
|||
Summary: QEMU is a machine emulator and virtualizer
|
||||
Name: qemu-kvm
|
||||
Version: 5.2.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||
Epoch: 15
|
||||
License: GPLv2 and GPLv2+ and CC-BY
|
||||
|
|
@ -144,6 +144,7 @@ Patch0048: 0048-memory-Skip-bad-range-assertion-if-notifier-is-DEVIO.patch
|
|||
Patch0049: 0049-RHEL-Switch-pvpanic-test-to-q35.patch
|
||||
Patch0050: 0050-8.4-x86-machine-type.patch
|
||||
Patch0051: 0051-memory-clamp-cached-translation-in-case-it-points-to.patch
|
||||
Patch0054: 0054-Drop-bogus-IPv6-messages.patch
|
||||
|
||||
BuildRequires: wget
|
||||
BuildRequires: rpm-build
|
||||
|
|
@ -281,7 +282,7 @@ Requires: edk2-aarch64
|
|||
%endif
|
||||
|
||||
%ifarch %{power64}
|
||||
Requires: SLOF >= %{SLOF_gittagdate}-1.git%{SLOF_gittagcommit}
|
||||
Requires: SLOF
|
||||
%endif
|
||||
Requires: libseccomp >= 2.4.0
|
||||
# For compressed guest memory dumps
|
||||
|
|
@ -1324,6 +1325,11 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 27 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-4.el8
|
||||
- kvm-Drop-bogus-IPv6-messages.patch [bz#1918061]
|
||||
- Resolves: bz#1918061
|
||||
(CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-av-8])
|
||||
|
||||
* Mon Jan 18 2021 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-3.el8
|
||||
- kvm-block-nvme-Implement-fake-truncate-coroutine.patch [bz#1848834]
|
||||
- kvm-spec-find-system-python-via-meson.patch [bz#1899619]
|
||||
|
|
|
|||
Loading…
Reference in New Issue