[pve-devel] applied: [PATCH pve-qemu] add patch for CVE-2019-20382 (vnc disconnect memory leak)

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 5 13:48:09 CET 2020


On 3/5/20 1:29 PM, Oguz Bektas wrote:
> oss-security email can be found here[0]
> 
> upstream commit here[1]
> 
> this affects our vncproxy. dominik and I tested if the issue is present
> on our branch and it appears that it is.
> in essence when we disconnect from a vnc connection, the memory isn't
> freed afterwards which causes the qemu process to use more and more
> memory with each disconnect, which could lead to a DoS scenario.
> 
> we tested the patch and it seems to mitigate the problem.
> 
> [0]: https://seclists.org/oss-sec/2020/q1/105
> [1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
> 
> Tested-by: Dominik Csapak <d.csapak at proxmox.com>
> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
>  ...-fix-memory-leak-when-vnc-disconnect.patch | 1016 +++++++++++++++++
>  debian/patches/series                         |    1 +
>  2 files changed, 1017 insertions(+)
>  create mode 100644 debian/patches/extra/0003-vnc-fix-memory-leak-when-vnc-disconnect.patch
> 

applied, thanks!




