[oe-commits] yanjun.zhu : squashfs: fix CVE-2012-4025
git at git.openembedded.org
git at git.openembedded.org
Thu Jan 3 12:34:00 UTC 2013
Module: openembedded-core.git
Branch: denzil
Commit: e6fddd1961061895e9335fa94b636163efdc9caa
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=e6fddd1961061895e9335fa94b636163efdc9caa
Author: yanjun.zhu <yanjun.zhu at windriver.com>
Date: Tue Dec 11 18:00:32 2012 +0800
squashfs: fix CVE-2012-4025
CQID:WIND00366813
Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
[YOCTO #3564]
Signed-off-by: Saul Wold <sgw at linux.intel.com>
---
.../patches/squashfs-4.2-fix-CVE-2012-4025.patch | 190 +++++++++++++++++
...dd-a-commment-and-fix-some-other-comments.patch | 38 ++++
.../patches/squashfs-fix-open-file-limit.patch | 215 ++++++++++++++++++++
.../squashfs-tools/squashfs-tools_4.2.bb | 5 +-
4 files changed, 447 insertions(+), 1 deletions(-)
Diff: http://git.openembedded.org/?p=openembedded-core.git/?a=commitdiff;h=e6fddd1961061895e9335fa94b636163efdc9caa
More information about the Openembedded-commits
mailing list