diff options
author | Stefan Hajnoczi <stefanha@redhat.com> | 2013-02-08 08:49:10 +0100 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2013-02-08 11:14:20 -0600 |
commit | fb6d1bbd246c7a57ef53d3847ef225cd1349d602 (patch) | |
tree | 81248ebd26fd657f0c90dcd8140253f5829c0e4c /hw | |
parent | 0eb256a2173d35c64696189adcd3599be61922ef (diff) |
block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP. The workaround is
simple: disable extra protocols so that they cannot be exploited. Full
details here:
http://curl.haxx.se/docs/adv_20130206.html
QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP. I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw')
0 files changed, 0 insertions, 0 deletions