| Summary: | <app-emulation/qemu-2.4.1-r2: ide: divide by zero (CVE-2015-6855) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/09/10/1 | ||
| Whiteboard: | B3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9033e1d3aa666c5071580617a57bd853c5d794a qemu-2.4.0.1 in the tree should have the fixes for this and should be fine to mark stable http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4703b062bb7d0c6ebdf91827a3396435e6dea74a stabilized in another bug. cleanup done by vapier Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. Upstream fix: ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html The fix disables undue IDE commands for CD-ROM drives. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.