diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-12-20 12:26:01 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-12-20 21:22:33 +0100 |
| commit | eb2b3df62666b0e2dc3042efdfecd7f62513bc9a (patch) | |
| tree | ed6780141c6f82d57016eb53ee8119de6c01accc /package/qemu/qemu.hash | |
| parent | 35f8333eb4b69e7d04960677a03790426e7fb15e (diff) | |
| download | buildroot-eb2b3df62666b0e2dc3042efdfecd7f62513bc9a.tar.gz buildroot-eb2b3df62666b0e2dc3042efdfecd7f62513bc9a.zip | |
qemu: security bump to version 2.10.2
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/qemu/qemu.hash')
| -rw-r--r-- | package/qemu/qemu.hash | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/qemu/qemu.hash b/package/qemu/qemu.hash index db43c9a2d8..1173c1bf3d 100644 --- a/package/qemu/qemu.hash +++ b/package/qemu/qemu.hash @@ -1,4 +1,4 @@ # Locally computed, tarball verified with GPG signature -sha256 1dd51a908fc68c7d935b0b31fb184c5669bc23b5a1b081816e824714f2a11caa qemu-2.10.1.tar.xz +sha256 fcfdaa1ecdaac8aead616fe811bfb8fe4a8f2cd59796aa446c5175b5af0e829f qemu-2.10.2.tar.xz sha256 6f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100 COPYING sha256 48ffe9fc7f1d5462dbd19340bc4dd1d8a9e37c61ed535813e614cbe4a5f0d4df COPYING.LIB |
