diff --git a/bundles.tar.xz b/bundles.tar.xz index 421511b..761ab6e 100644 --- a/bundles.tar.xz +++ b/bundles.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:92179c1084cef7f446d3acd5274a99c1da46b7de3456c1603a7f6cf488a1e662 -size 52608 +oid sha256:5b6d904ec52cc144da72b58e2a01929d6b9d57987c49d265d2c92ba5785c3adb +size 49932 diff --git a/qemu.changes b/qemu.changes index 1e60bd8..161e884 100644 --- a/qemu.changes +++ b/qemu.changes @@ -17,7 +17,7 @@ Mon Jun 7 18:13:50 UTC 2021 - José Ricardo Ziviani CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device - CVE-2021-3544 + CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch diff --git a/vhost-user-gpu-abstract-vg_cleanup_mappi.patch b/vhost-user-gpu-abstract-vg_cleanup_mappi.patch index 0a6fc73..1350127 100644 --- a/vhost-user-gpu-abstract-vg_cleanup_mappi.patch +++ b/vhost-user-gpu-abstract-vg_cleanup_mappi.patch @@ -8,7 +8,7 @@ Content-Transfer-Encoding: 8bit Git-commit: 3ea32d1355d446057c17458238db2749c52ee8f0 References: CVE-2021-3546 bsc#1185981 CVE-2021-3545 bsc#1185990 - CVE-2021-3544 + CVE-2021-3544 bsc#1186010 Currently in vhost-user-gpu, we free resource directly in the cleanup case of resource. If we change the cleanup logic diff --git a/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch b/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch index f872490..d545260 100644 --- a/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch +++ b/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-comit: f6091d86ba9ea05f4e111b9b42ee0005c37a6779 -References: CVE-2021-3544 +References: CVE-2021-3544 bsc#1186010 The 'res->iov' will be leaked if the guest trigger following sequences: diff --git a/vhost-user-gpu-fix-leak-in-virgl_resourc.patch b/vhost-user-gpu-fix-leak-in-virgl_resourc.patch index e22ceda..2ec38aa 100644 --- a/vhost-user-gpu-fix-leak-in-virgl_resourc.patch +++ b/vhost-user-gpu-fix-leak-in-virgl_resourc.patch @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 63736af5a6571d9def93769431e0d7e38c6677bf -References: CVE-2021-3544 +References: CVE-2021-3544 bsc#1186010 If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will be leaked. diff --git a/vhost-user-gpu-fix-memory-leak-in-vg_res.patch b/vhost-user-gpu-fix-memory-leak-in-vg_res.patch index bfcdeb7..a74a08a 100644 --- a/vhost-user-gpu-fix-memory-leak-in-vg_res.patch +++ b/vhost-user-gpu-fix-memory-leak-in-vg_res.patch @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: b9f79858a614d95f5de875d0ca31096eaab72c3b -References: CVE-2021-3544 +References: CVE-2021-3544 bsc#1186010 Check whether the 'res' has already been attach_backing to avoid memory leak. diff --git a/vhost-user-gpu-fix-memory-leak-while-cal.patch b/vhost-user-gpu-fix-memory-leak-while-cal.patch index efd2dc8..f65a560 100644 --- a/vhost-user-gpu-fix-memory-leak-while-cal.patch +++ b/vhost-user-gpu-fix-memory-leak-while-cal.patch @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e -References: CVE-2021-3544 +References: CVE-2021-3544 bsc#1186010 If the guest trigger following sequences, the attach_backing will be leaked: diff --git a/vhost-user-gpu-fix-resource-leak-in-vg_r.patch b/vhost-user-gpu-fix-resource-leak-in-vg_r.patch index 405aead..a20b682 100644 --- a/vhost-user-gpu-fix-resource-leak-in-vg_r.patch +++ b/vhost-user-gpu-fix-resource-leak-in-vg_r.patch @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e -References: CVE-2021-3544 +References: CVE-2021-3544 bsc#1186010 Call 'vugbm_buffer_destroy' in error path to avoid resource leak.