SHA256
1
0
forked from pool/qemu

Accepting request 401237 from home:bfrogers:branches:Virtualization

One more recent security fix that slipped through the cracks.

OBS-URL: https://build.opensuse.org/request/show/401237
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=300
This commit is contained in:
Bruce Rogers 2016-06-10 20:54:39 +00:00 committed by Git OBS Bridge
parent 1a90c34242
commit 2d0a35b76c
7 changed files with 65 additions and 0 deletions

View File

@ -0,0 +1,34 @@
From 9770400f8184e43d9370ec97e15c6fcaccc381d1 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 25 May 2016 17:41:44 +0530
Subject: [PATCH] scsi: megasas: initialise local configuration data buffer
When reading MegaRAID SAS controller configuration via MegaRAID
Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
uses an uninitialised local data buffer. Initialise this buffer
to avoid stack information leakage.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1464178304-12831-1-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d37af740730dbbb93960cd318e040372d04d6dcf)
[BR: CVE-2016-5105 982017]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/megasas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 893448b..a9ffc32 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -1296,7 +1296,7 @@ static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
{
- uint8_t data[4096];
+ uint8_t data[4096] = { 0 };
struct mfi_config_data *info;
int num_pd_disks = 0, array_offset, ld_offset;
BusChild *kid;

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Jun 10 20:25:33 UTC 2016 - brogers@suse.com
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches added:
0061-scsi-megasas-initialise-local-confi.patch
-------------------------------------------------------------------
Fri Jun 10 13:35:11 UTC 2016 - brogers@suse.com

View File

@ -85,6 +85,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
Patch0058: 0058-xen-add-pvUSB-backend.patch
Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
# Please do not add patches manually here, run update_git.sh.
# this is to make lint happy
Source300: qemu-rpmlintrc
@ -198,6 +199,7 @@ run cross-architecture builds.
%patch0058 -p1
%patch0059 -p1
%patch0060 -p1
%patch0061 -p1
%build
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Fri Jun 10 20:25:21 UTC 2016 - brogers@suse.com
- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host
Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support
(CVE-2016-5105 bsc#982017)
*Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
0061-scsi-megasas-initialise-local-confi.patch
-------------------------------------------------------------------
Fri Jun 10 13:35:06 UTC 2016 - brogers@suse.com

View File

@ -126,6 +126,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
Patch0058: 0058-xen-add-pvUSB-backend.patch
Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -734,6 +735,7 @@ This package provides a service file for starting and stopping KSM.
%patch0058 -p1
%patch0059 -p1
%patch0060 -p1
%patch0061 -p1
%if %{build_x86_fw_from_source}
pushd roms/seabios

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Fri Jun 10 20:25:21 UTC 2016 - brogers@suse.com
- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host
Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support
(CVE-2016-5105 bsc#982017)
*Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
0061-scsi-megasas-initialise-local-confi.patch
-------------------------------------------------------------------
Fri Jun 10 13:35:06 UTC 2016 - brogers@suse.com

View File

@ -126,6 +126,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
Patch0058: 0058-xen-add-pvUSB-backend.patch
Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
# Please do not add QEMU patches manually here.
# Run update_git.sh to regenerate this queue.
@ -734,6 +735,7 @@ This package provides a service file for starting and stopping KSM.
%patch0058 -p1
%patch0059 -p1
%patch0060 -p1
%patch0061 -p1
%if %{build_x86_fw_from_source}
pushd roms/seabios