pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3e3107a7e2
xen/xsa140-qemuu-7.patch
Charles Arnold b5fb5e90fb - bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap 
memory in rtl8139 device model
  xsa140-qemuu-1.patch
  xsa140-qemuu-2.patch
  xsa140-qemuu-3.patch
  xsa140-qemuu-4.patch
  xsa140-qemuu-5.patch
  xsa140-qemuu-6.patch
  xsa140-qemuu-7.patch
  xsa140-qemut-1.patch
  xsa140-qemut-2.patch
  xsa140-qemut-3.patch
  xsa140-qemut-4.patch
  xsa140-qemut-5.patch
  xsa140-qemut-6.patch
  xsa140-qemut-7.patch
- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen
  block unplug protocol
  xsa139-qemuu.patch

- bsc#937371 - xen vm's running after reboot
  xendomains-libvirtd-conflict.patch

- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code
  execution via IDE subsystem CD-ROM  
  CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
  CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
  CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
  CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
  CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=371
2015-08-11 22:49:00 +00:00

32 lines
1.3 KiB
Diff
Raw Blame History

References: bsc#939712 XSA-140
From 9a084807bf6ca7c16d997a236d304111894a6539 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 15 Jul 2015 18:17:04 +0100
Subject: [PATCH 7/7] rtl8139: check TCP Data Offset field
The TCP Data Offset field contains the length of the header. Make sure
it is valid and does not exceed the IP data length.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/net/rtl8139.c | 5 +++++
1 file changed, 5 insertions(+)
Index: xen-4.5.1-testing/tools/qemu-xen-dir-remote/hw/net/rtl8139.c
===================================================================
--- xen-4.5.1-testing.orig/tools/qemu-xen-dir-remote/hw/net/rtl8139.c
+++ xen-4.5.1-testing/tools/qemu-xen-dir-remote/hw/net/rtl8139.c
@@ -2250,6 +2250,11 @@ static int rtl8139_cplus_transmit_one(RT
int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr);
+ /* Invalid TCP data offset? */
+ if (tcp_hlen < sizeof(tcp_header) || tcp_hlen > ip_data_len) {
+ goto skip_offload;
+ }
+
/* ETH_MTU = ip header len + tcp header len + payload */
int tcp_data_len = ip_data_len - tcp_hlen;
int tcp_chunk_size = ETH_MTU - hlen - tcp_hlen;
Reference in New Issue View Git Blame Copy Permalink