pve-qemu-qoup/debian/patches
Oguz Bektas ee8bd5bfbe add patch for CVE-2019-20382 (vnc disconnect memory leak)
oss-security email can be found here[0]

upstream commit here[1]

this effects our vncproxy. dominik and me tested if the issue is present
on our branch and it appears that it is.
in essence when we disconnect from a vnc connection, the memory isn't
free'd afterwards which causes the qemu process to use more and more
memory with each disconnect, which could lead to a dos scenario.

we tested the patch and it seems to mitigate the problem.

[0]: https://seclists.org/oss-sec/2020/q1/105
[1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2020-03-05 13:34:29 +01:00
..
extra add patch for CVE-2019-20382 (vnc disconnect memory leak) 2020-03-05 13:34:29 +01:00
pve improve qemu backup by reducing lock contention 2020-02-18 10:47:21 +01:00
series add patch for CVE-2019-20382 (vnc disconnect memory leak) 2020-03-05 13:34:29 +01:00