557206 – (CVE-2015-5745) <app-emulation/qemu-2.3.0-r6: buffer overflow in virtio-serial (CVE-2015-5745)

Bug 557206 (CVE-2015-5745) - <app-emulation/qemu-2.3.0-r6: buffer overflow in virtio-serial (CVE-2015-5745)

Summary: <app-emulation/qemu-2.3.0-r6: buffer overflow in virtio-serial (CVE-2015-5745)

Status:	RESOLVED FIXED

Alias:	CVE-2015-5745

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://lists.gnu.org/archive/html/qe...
Whiteboard:	B3 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-08-10 10:28 UTC by Agostino Sarubbo
Modified:	2016-02-04 09:33 UTC (History)
CC List:	1 user (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=1251157
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-08-10 10:28:27 UTC

From ${URL} :

It was reported that Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest & the host.

A malicious guest could use this flaw to corrupt few bytes of Qemu memory area, potentially crashing the Qemu process.

Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 SpanKY gentoo-dev

2015-08-10 11:06:23 UTC

http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03aa7f1902aba68926f08b4e85f95ee9f474910a

Comment 2 Mikle Kolyada (RETIRED) archtester

2015-08-10 11:12:53 UTC

(In reply to SpanKY from comment #1)
> http://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=03aa7f1902aba68926f08b4e85f95ee9f474910a

Should we wait before go stable? Or can we stabilize that?

Comment 3 SpanKY gentoo-dev

2015-08-10 15:08:31 UTC

stable is fine

Comment 4 Agostino Sarubbo gentoo-dev

2015-12-18 17:12:58 UTC

stabilized in another bug.

cleanup done by vapier

Comment 5 Yury German Gentoo Infrastructure

2015-12-25 00:23:57 UTC

Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2016-02-04 09:33:30 UTC

This issue was resolved and addressed in
 GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01
by GLSA coordinator Kristian Fiskerstrand (K_F).