diff --git a/0061-scsi-megasas-initialise-local-confi.patch b/0061-scsi-megasas-initialise-local-confi.patch
new file mode 100644
index 00000000..c8d1e2c3
--- /dev/null
+++ b/0061-scsi-megasas-initialise-local-confi.patch
@@ -0,0 +1,34 @@
+From 9770400f8184e43d9370ec97e15c6fcaccc381d1 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit
+Date: Wed, 25 May 2016 17:41:44 +0530
+Subject: [PATCH] scsi: megasas: initialise local configuration data buffer
+
+When reading MegaRAID SAS controller configuration via MegaRAID
+Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
+uses an uninitialised local data buffer. Initialise this buffer
+to avoid stack information leakage.
+
+Reported-by: Li Qiang
+Signed-off-by: Prasad J Pandit
+Message-Id: <1464178304-12831-1-git-send-email-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit d37af740730dbbb93960cd318e040372d04d6dcf)
+[BR: CVE-2016-5105 982017]
+Signed-off-by: Bruce Rogers
+---
+ hw/scsi/megasas.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 893448b..a9ffc32 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -1296,7 +1296,7 @@ static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
+ 
+ static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
+ {
+- uint8_t data[4096];
++ uint8_t data[4096] = { 0 };
+ struct mfi_config_data *info;
+ int num_pd_disks = 0, array_offset, ld_offset;
+ BusChild *kid;
diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes
index 6c7169a5..c4b46bb5 100644
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
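Review bot: The zero-initialiser on `uint8_t data[4096] = { 0 };` only closes the leak described in the commit message if every byte later handed to the guest comes from inside those 4096 bytes; nothing in this hunk shows the copy-out length, so please confirm that the copy into the guest's DCMD buffer is bounded by `sizeof(data)` rather than by a guest-supplied size (megasas_dcmd_cfg_read's body continues past the end of the hunk). Since the initialiser looks like an incidental default rather than a deliberate security measure, the reason is worth recording at the declaration, e.g. `uint8_t data[4096] = { 0 }; /* zero-filled: unfilled tail bytes are presumably returned to the guest (CVE-2016-5105) */`. The patch header tags the bug as `[BR: CVE-2016-5105 982017]` while the .changes entries use `bsc#982017`; using the same `bsc#` form in both makes the references greppable.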
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jun 10 20:25:33 UTC 2016 - brogers@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
+* Patches added:
+ 0061-scsi-megasas-initialise-local-confi.patch
+
 -------------------------------------------------------------------
 Fri Jun 10 13:35:11 UTC 2016 - brogers@suse.com
diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec
index 91751ffb..a38b7ec6 100644
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@@ -85,6 +85,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
 Patch0058: 0058-xen-add-pvUSB-backend.patch
 Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
 Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
+Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
 # Please do not add patches manually here, run update_git.sh.
 # this is to make lint happy
 Source300: qemu-rpmlintrc
@@ -198,6 +199,7 @@ run cross-architecture builds.
 %patch0058 -p1
 %patch0059 -p1
 %patch0060 -p1
+%patch0061 -p1
 %build
 ./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index 35b9d8ea..afc6513c 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jun 10 20:25:21 UTC 2016 - brogers@suse.com
+
+- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host
+ Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support
+ (CVE-2016-5105 bsc#982017)
+*Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
+ 0061-scsi-megasas-initialise-local-confi.patch
+
 -------------------------------------------------------------------
 Fri Jun 10 13:35:06 UTC 2016 - brogers@suse.com
diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec
index 2f65d5a7..28079b07 100644
--- a/qemu-testsuite.spec
+++ b/qemu-testsuite.spec
@@ -126,6 +126,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
 Patch0058: 0058-xen-add-pvUSB-backend.patch
 Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
 Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
+Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -734,6 +735,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0058 -p1
 %patch0059 -p1
 %patch0060 -p1
+%patch0061 -p1
 %if %{build_x86_fw_from_source}
 pushd roms/seabios
diff --git a/qemu.changes b/qemu.changes
index 35b9d8ea..afc6513c 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jun 10 20:25:21 UTC 2016 - brogers@suse.com
+
+- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host
+ Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support
+ (CVE-2016-5105 bsc#982017)
+*Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
+ 0061-scsi-megasas-initialise-local-confi.patch
+
 -------------------------------------------------------------------
 Fri Jun 10 13:35:06 UTC 2016 - brogers@suse.com
diff --git a/qemu.spec b/qemu.spec
index bdb5bdf8..5241f5b3 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -126,6 +126,7 @@ Patch0057: 0057-xen-write-information-about-support.patch
 Patch0058: 0058-xen-add-pvUSB-backend.patch
 Patch0059: 0059-usb-Fix-conditions-that-xen-usb.c-i.patch
 Patch0060: 0060-vnc-add-configurable-keyboard-delay.patch
+Patch0061: 0061-scsi-megasas-initialise-local-confi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
@@ -734,6 +735,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0058 -p1
 %patch0059 -p1
 %patch0060 -p1
+%patch0061 -p1
 %if %{build_x86_fw_from_source}
 pushd roms/seabios