From ${URL} :

Description
A vulnerability has been reported in Qemu, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error in the "virtio_net_handle_mac()" function (hw/net/virtio-net.c), which can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 0.6 through 1.7.1.

Solution:
Fixed in the source code repository.

Further details available to Secunia VIM customers.

Provided and/or discovered by:
Michael S. Tsirkin, Red Hat, via the gmane.comp.emulators.qemu newsgroup.

Original Advisory:
Michael S. Tsirkin:
http://thread.gmane.org/gmane.comp.emulators.qemu/266713

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
I've verified that this is fixed in app-emulation/qemu-2.0.0.
Qemu-Guys: is qemu-2.0.0 ready for stabilization?
let's give it ~30 days and stabilize it
ok, let's start stabilizing qemu-2.0.0
CVE-2014-0150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0150): Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
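The defect class named in the CVE text above, a guest-supplied entry count multiplied into a byte length that wraps before it is compared against the space actually available, is shown below as an added example. This is not QEMU's code: the constants ETH_ALEN and MAC_TABLE_ENTRIES, the two function names and the sample counts are assumptions chosen to illustrate the unsafe and the hardened check side by side.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants (assumed, not QEMU's definitions): an Ethernet
 * address is 6 bytes and the emulated device keeps a fixed-size table. */
#define ETH_ALEN          6
#define MAC_TABLE_ENTRIES 64

/* Byte count computed the unsafe way: uint32_t * int stays 32-bit and
 * wraps modulo 2^32 for large entry counts. Exposed so it can be inspected. */
uint32_t wrapped_byte_count(uint32_t entries)
{
    return entries * ETH_ALEN;
}

/* Unsafe pattern: the length is derived from the untrusted count first and
 * only the (possibly wrapped) product is bounds-checked. A count that wraps
 * the product to a tiny value passes this check, and a count just above the
 * table capacity also passes because the table size is never consulted. */
int mac_table_check_unsafe(uint32_t entries, size_t available)
{
    uint32_t bytes = wrapped_byte_count(entries);
    if (bytes > available)
        return -1;              /* rejected: claims more bytes than present */
    return 0;                   /* accepted: a copy of `bytes` would follow */
}

/* Hardened pattern: reject any count the destination table cannot hold
 * before doing arithmetic on it, then compute the length in size_t. After
 * the capacity check the product is at most 64 * 6 = 384 and cannot wrap. */
int mac_table_check_safe(uint32_t entries, size_t available)
{
    if (entries > MAC_TABLE_ENTRIES)
        return -1;              /* rejected: would overrun the table */
    size_t bytes = (size_t)entries * ETH_ALEN;
    if (bytes > available)
        return -1;              /* rejected: request shorter than it claims */
    return 0;
}

int main(void)
{
    /* Constructed sample: 0x2AAAAAAB * 6 = 0x100000002, which is 2 after
     * 32-bit truncation, so the unsafe check sees "2 bytes needed". */
    uint32_t hostile = 0x2AAAAAABu;
    printf("wrapped length: %u\n", wrapped_byte_count(hostile));
    printf("unsafe check: %d  safe check: %d\n",
           mac_table_check_unsafe(hostile, 64),
           mac_table_check_safe(hostile, 64));
    return 0;
}
```

The detection-worthy point is that the two checks disagree in both directions of failure: the wrapped product and a merely over-capacity count are each accepted by the unsafe version and rejected by the safe one, while ordinary requests that fit the table are accepted by both.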
amd64 stable
x86 stable
ppc and ppc64 have no stable keyword. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Arches, thank you for your work. Maintainer(s), please drop the vulnerable version. New GLSA request filed.
cleanup done
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F).