From https://bugzilla.redhat.com/show_bug.cgi?id=1097216:

Qemu block driver for the QCOW version 1 image format is vulnerable to an integer overflow flaw. It occurs due to weak input validation or logic errors. Such an integer overflow could lead to buffer overflows, memory corruption or a crash in the Qemu instance. A user able to alter the Qemu disk image files loaded by a guest could use this flaw to crash the Qemu instance resulting in DoS, or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html

From https://bugzilla.redhat.com/show_bug.cgi?id=1097222:

Qemu block driver for the QCOW version 1 image format is vulnerable to an integer overflow flaw. It occurs due to weak input validation or logic errors. Such an integer overflow could lead to buffer overflows, memory corruption or a crash in the Qemu instance. A user able to alter the Qemu disk image files loaded by a guest could use this flaw to crash the Qemu instance resulting in DoS, or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Upstream fix:
-------------
-> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for stabilization or not.
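To make the class of bug in the report concrete, here is an added illustration (not QEMU's qcow1 driver, not the upstream patches, and not the real QCOW1 header layout): a simplified header with the two attacker-controlled fields that feed table-size arithmetic, a naive size computation that wraps in 32-bit unsigned arithmetic, and a hardened variant that bounds every field read from the file before doing any arithmetic. The struct, bounds (MIN_BITS, MAX_BITS, MAX_IMAGE_BYTES), function names and the constructed sample headers are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified image header: only the fields that drive the
 * size arithmetic. All three values come straight from the (untrusted) file. */
struct hdr {
    uint64_t size;         /* virtual disk size in bytes */
    uint32_t cluster_bits; /* log2 of the cluster size */
    uint32_t l2_bits;      /* log2 of the number of entries per L2 table */
};

/* Assumed sanity bounds for the example (not taken from the bug report). */
#define MIN_BITS        9u
#define MAX_BITS        16u
#define MAX_IMAGE_BYTES (1ULL << 40)   /* 1 TiB */

/* Naive variant: the pattern the report describes. Header fields are used
 * as-is and the L1 table size is computed in 32-bit unsigned arithmetic, so a
 * large enough image size makes the byte count wrap to a tiny value; a later
 * fill/read of the "full" table then overruns the undersized allocation. */
static uint32_t naive_l1_bytes(const struct hdr *h)
{
    uint32_t shift = h->cluster_bits + h->l2_bits;
    uint32_t l1_entries = (uint32_t)((h->size + (1ULL << shift) - 1) >> shift);
    return l1_entries * (uint32_t)sizeof(uint64_t); /* wraps silently */
}

/* Hardened variant: reject out-of-range fields before any arithmetic and
 * use a checked multiply instead of trusting the result not to wrap. */
enum { OK = 0, ERR_CLUSTER_BITS = -1, ERR_L2_BITS = -2, ERR_SIZE = -3, ERR_OVERFLOW = -4 };

static int validate_hdr(const struct hdr *h, size_t *l1_bytes_out)
{
    if (h->cluster_bits < MIN_BITS || h->cluster_bits > MAX_BITS)
        return ERR_CLUSTER_BITS;
    if (h->l2_bits < MIN_BITS || h->l2_bits > MAX_BITS)
        return ERR_L2_BITS;
    if (h->size == 0 || h->size > MAX_IMAGE_BYTES)
        return ERR_SIZE;

    uint32_t shift = h->cluster_bits + h->l2_bits;     /* <= 32 after the checks */
    uint64_t l1_entries = (h->size + (1ULL << shift) - 1) >> shift;
    if (l1_entries > SIZE_MAX / sizeof(uint64_t))      /* would wrap: refuse */
        return ERR_OVERFLOW;

    *l1_bytes_out = (size_t)(l1_entries * sizeof(uint64_t));
    return OK;
}

/* Constructed sample headers (not from any real image). */
static const struct hdr SANE_HDR    = { 1ULL << 30, 12, 9  }; /* 1 GiB, 4 KiB clusters */
static const struct hdr HOSTILE_HDR = { 1ULL << 47, 9,  9  }; /* naive size wraps to 0 */
static const struct hdr BAD_L2_HDR  = { 1ULL << 30, 12, 40 }; /* absurd l2_bits */

int main(void)
{
    size_t n = 0;
    printf("naive   sane    -> %u bytes\n", naive_l1_bytes(&SANE_HDR));
    printf("naive   hostile -> %u bytes (wrapped)\n", naive_l1_bytes(&HOSTILE_HDR));
    printf("checked sane    -> rc=%d, %zu bytes\n", validate_hdr(&SANE_HDR, &n), n);
    printf("checked hostile -> rc=%d\n", validate_hdr(&HOSTILE_HDR, &n));
    printf("checked bad l2  -> rc=%d\n", validate_hdr(&BAD_L2_HDR, &n));
    return 0;
}
```

The point of the hardened path is that the bounds are applied to the raw header fields first, so the shift and the multiply can no longer be driven out of range by the file; the explicit SIZE_MAX check is defence in depth for the case where the bounds are later loosened.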
Upstream has merged the fixes now for CVE-2014-0222 & CVE-2014-0223:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=46485de0cb357b57373e1ca895adedf1f3ed46ec
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=42eb58179b3b215bb507da3262b682b8a2ec10b5
qemu-2.0.0-r1 has the fixes
(In reply to SpanKY from comment #2)
> qemu-2.0.0-r1 has the fixes

Please let us know if you are ready for stabilization.
security, please add it to the current glsa draft.
Added to existing GLSA draft
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F).