Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
xen.10697
CVE-2017-8309-qemut-audio-host-memory-leakage-v...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch of Package xen.10697
References: bsc#1037243 CVE-2017-8309 Subject: audio: release capture buffers From: Gerd Hoffmann kraxel@redhat.com Fri Apr 28 09:56:12 2017 +0200 Date: Thu May 4 08:31:48 2017 +0200: Git: 3268a845f41253fb55852a8429c32b50f36f349a AUD_add_capture() allocates two buffers which are never released. Add the missing calls to AUD_del_capture(). Impact: Allows vnc clients to exhaust host memory by repeatedly starting and stopping audio capture. Fixes: CVE-2017-8309 Cc: P J P <ppandit@redhat.com> Cc: Huawei PSIRT <PSIRT@huawei.com> Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 20170428075612.9997-1-kraxel@redhat.com Index: xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-traditional-dir-remote/audio/audio.c +++ xen-4.4.4-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c @@ -1937,6 +1937,8 @@ void AUD_del_capture (CaptureVoiceOut *c sw = sw1; } LIST_REMOVE (cap, entries); + qemu_free (cap->hw.mix_buf); + qemu_free (cap->buf); qemu_free (cap); } return;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor