pve-qemu-qoup

c/pve-qemu-qoup

Fork 0

Commit Graph

Author	SHA1	Message	Date
Oguz Bektas	ee8bd5bfbe	add patch for CVE-2019-20382 (vnc disconnect memory leak) oss-security email can be found here[0] upstream commit here[1] this effects our vncproxy. dominik and me tested if the issue is present on our branch and it appears that it is. in essence when we disconnect from a vnc connection, the memory isn't free'd afterwards which causes the qemu process to use more and more memory with each disconnect, which could lead to a dos scenario. we tested the patch and it seems to mitigate the problem. [0]: https://seclists.org/oss-sec/2020/q1/105 [1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 Tested-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>	2020-03-05 13:34:29 +01:00

Author

SHA1

Message

Date

Oguz Bektas

ee8bd5bfbe

add patch for CVE-2019-20382 (vnc disconnect memory leak)

oss-security email can be found here[0]

upstream commit here[1]

this effects our vncproxy. dominik and me tested if the issue is present
on our branch and it appears that it is.
in essence when we disconnect from a vnc connection, the memory isn't
free'd afterwards which causes the qemu process to use more and more
memory with each disconnect, which could lead to a dos scenario.

we tested the patch and it seems to mitigate the problem.

[0]: https://seclists.org/oss-sec/2020/q1/105
[1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>

2020-03-05 13:34:29 +01:00

1 Commits