poky/squashfs-tools at danny - poky

CaROS/poky

mirror of https://git.yoctoproject.org/git/poky synced 2026-01-04 16:10:04 +00:00

History

yanjun.zhu 54dd30e514 squashfs: fix CVE-2012-4025 CQID:WIND00366813 Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 (From OE-Core rev: 4493173c1ab7a0528e0c74935a105e474521ed1c) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> [YOCTO #3564] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2013-02-14 15:19:52 +00:00
..
patches	squashfs: fix CVE-2012-4025	2013-02-14 15:19:52 +00:00
squashfs-tools_4.2.bb	squashfs: fix CVE-2012-4025	2013-02-14 15:19:52 +00:00

yanjun.zhu 54dd30e514 squashfs: fix CVE-2012-4025

CQID:WIND00366813

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e

Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

(From OE-Core rev: 4493173c1ab7a0528e0c74935a105e474521ed1c)

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>

[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2013-02-14 15:19:52 +00:00

patches

squashfs: fix CVE-2012-4025

2013-02-14 15:19:52 +00:00

squashfs-tools_4.2.bb

squashfs: fix CVE-2012-4025

2013-02-14 15:19:52 +00:00