- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer

dereference in vapic_write() CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch - bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref in sosendto() CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=404
2016-03-01 21:45:58 +00:00
parent 5ef52f56fd
commit 95d1280885
10 changed files with 310 additions and 44 deletions
--- a/xen.spec
+++ b/xen.spec
@@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

+
 # needssslcertforbuild

 Name:           xen
@@ -224,41 +225,46 @@ Patch255:       0005-e1000-multi-buffer-packet-support.patch
 Patch256:       0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
 Patch257:       0007-e1000-verify-we-have-buffers-upfront.patch
 Patch258:       0008-e1000-check-buffer-availability.patch
-Patch259:       CVE-2015-4037-qemuu-smb-config-dir-name.patch
-Patch260:       CVE-2015-4037-qemut-smb-config-dir-name.patch
-Patch262:       CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
-Patch263:       CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
-Patch264:       CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
-Patch265:       CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
-Patch266:       CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
-Patch267:       CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
-Patch268:       CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
-Patch269:       CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
-Patch270:       CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
-Patch271:       CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
-Patch272:       CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
-Patch273:       CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
-Patch274:       CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
-Patch275:       CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
-Patch276:       CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
-Patch277:       CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
-Patch278:       CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
-Patch279:       CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
-Patch280:       CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
-Patch281:       CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
-Patch282:       CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
-Patch283:       CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
-Patch284:       CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
-Patch285:       CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
-Patch286:       CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
-Patch287:       CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
-Patch288:       CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
-Patch289:       CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
-Patch290:       CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
-Patch291:       CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
-Patch292:       CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch
-Patch293:       CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
-Patch294:       CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
+Patch259:       CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
+Patch260:       CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
+Patch261:       CVE-2015-4037-qemuu-smb-config-dir-name.patch
+Patch262:       CVE-2015-4037-qemut-smb-config-dir-name.patch
+Patch263:       CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
+Patch264:       CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
+Patch265:       CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
+Patch266:       CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
+Patch267:       CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
+Patch268:       CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
+Patch269:       CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
+Patch270:       CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
+Patch271:       CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
+Patch272:       CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
+Patch273:       CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
+Patch274:       CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
+Patch275:       CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
+Patch276:       CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
+Patch277:       CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
+Patch278:       CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
+Patch279:       CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
+Patch280:       CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
+Patch281:       CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
+Patch282:       CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
+Patch283:       CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
+Patch284:       CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
+Patch285:       CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
+Patch286:       CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
+Patch287:       CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
+Patch288:       CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
+Patch289:       CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
+Patch290:       CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
+Patch291:       CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
+Patch292:       CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
+Patch293:       CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
+Patch294:       CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch
+Patch295:       CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
+Patch296:       CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
+Patch297:       CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
+Patch298:       CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch
 # Our platform specific patches
 Patch321:       xen-destdir.patch
 Patch322:       vif-bridge-no-iptables.patch
@@ -554,6 +560,7 @@ Authors:
 %patch258 -p1
 %patch259 -p1
 %patch260 -p1
+%patch261 -p1
 %patch262 -p1
 %patch263 -p1
 %patch264 -p1
@@ -587,6 +594,10 @@ Authors:
 %patch292 -p1
 %patch293 -p1
 %patch294 -p1
+%patch295 -p1
+%patch296 -p1
+%patch297 -p1
+%patch298 -p1
 # Our platform specific patches
 %patch321 -p1
 %patch322 -p1