Fix CVE-2017-10664: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html https://bugzilla.redhat.com/show_bug.cgi?id=1466190 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664 https://security-tracker.debian.org/tracker/CVE-2017-10664 Patch copied from upstream source repository: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1 diff --git a/qemu-nbd.c b/qemu-nbd.c index 9464a0461c..4dd3fd4732 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -581,6 +581,10 @@ int main(int argc, char **argv) sa_sigterm.sa_handler = termsig_handler; sigaction(SIGTERM, &sa_sigterm, NULL); +#ifdef CONFIG_POSIX + signal(SIGPIPE, SIG_IGN); +#endif + module_call_init(MODULE_INIT_TRACE); qcrypto_init(&error_fatal);