176674 2007-05-01 12:34 0000 app-emulation/qemu Several vulnerabilities (CVE-2007-{132[0-3]|1366} ) 2007-06-07 21:20:00 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0001.html B3 [noglsa] jaervosz P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org javier@miqueleiz.com lu_zero@gentoo.org jaervosz@gentoo.org 2007-05-01 12:34:46 0000 Debian Security Advisory DSA 1284-1 securitydebian.org http://www.debian.org/security/ Moritz Muehlenhoff May 1st, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : qemu Vulnerability : several Problem-Type : local Debian-specific: no CVE ID : CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1320 Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1321 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1322 Tavis Ormandy discovered that the "icebp" instruction can be abused to terminate the emulation, resulting in denial of service. CVE-2007-1323 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1366 Tavis Ormandy discovered that the "aam" instruction can be abused to crash qemu through a division by zero, resulting in denial of service. For the oldstable distribution (sarge) these problems have been fixed in version 0.6.1+20050407-1sarge1. For the stable distribution (etch) these problems have been fixed in version 0.8.2-4etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your qemu packages. jaervosz@gentoo.org 2007-05-04 05:49:19 0000 *** Bug 176955 has been marked as a duplicate of this bug. *** jaervosz@gentoo.org 2007-05-08 06:18:01 0000 lu_zero please advise and bump as necessary. lu_zero@gentoo.org 2007-05-08 08:17:27 0000 qemu-0.9 is in portage, I'd advise to use it since it has also major feature and performance improvements. jaervosz@gentoo.org 2007-05-08 09:47:01 0000 Thx Luca. Arches please test and mark stable. Target keywords are: qemu-0.9.0.ebuild:KEYWORDS="amd64 ppc x86" jokey@gentoo.org 2007-05-08 19:26:13 0000 Stable on x86 dertobi123@gentoo.org 2007-05-16 20:43:29 0000 @Luca: Can you handle the stabilization for ppc, please? lu_zero@gentoo.org 2007-05-16 21:35:25 0000 ppc done fauli@gentoo.org 2007-05-20 08:31:33 0000 amd64 stable, last arch jaervosz@gentoo.org 2007-05-20 10:25:45 0000 This one is ready for GLSA decision. I tend to vote NO. shellsage@gentoo.org 2007-05-20 15:34:41 0000 I vote no. py@gentoo.org 2007-05-31 09:27:10 0000 I tend to vote NO. falco@gentoo.org 2007-06-01 15:08:29 0000 i vote Yes (buffer overflows -> B2 or B1, i don't really understand why you have voted no) jaervosz@gentoo.org 2007-06-02 14:23:17 0000 I'm not familiar with qemu. If they use the NE2000 and the Cirrus by default for virtualization I would vote yes. I assumed that you needed the hardware... falco@gentoo.org 2007-06-07 21:20:00 0000 Closing with [noglsa] since most of votes are No. Feel free to reopen if you disagree.