Skip to content
Snippets Groups Projects
Commit fb6d1bbd authored by Stefan Hajnoczi's avatar Stefan Hajnoczi Committed by Anthony Liguori
Browse files

block/curl: disable extra protocols to prevent CVE-2013-0249 

There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html



QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent 0eb256a2
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 11 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment