Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 615874 - <app-emulation/qemu-2.8.1-r2: cirrus: heap buffer overflow via inc connection (CVE-2016-9603)
Summary: <app-emulation/qemu-2.8.1-r2: cirrus: heap buffer overflow via inc connection...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Depends on: CVE-2017-8086
Blocks:
  Show dependency tree
 
Reported: 2017-04-17 16:59 UTC by Agostino Sarubbo
Modified: 2017-06-06 06:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-04-17 16:59:10 UTC
From ${URL} :

Quick Emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator and the
VNC display driver support is vulnerable to a heap buffer overflow issue.
It could occur when Vnc client attempts to update its display after a vga
operation is performed by a guest.

A privileged user/process inside guest could use this flaw to crash the Qemu
process resulting in DoS  OR  potentially leverage it to execute arbitrary code
on the host with privileges of the Qemu process.

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/03/14/2


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2017-04-17 17:00:27 UTC
this is an old bug, but from the search I made I didn't see it filed apart bug 615268 for xen.
Excuse me if it was already filed/resolved.
Comment 2 Matthias Maier gentoo-dev 2017-04-17 17:28:36 UTC
This is upstream

  commit 63fdb09491325e22e6a9d68b0f4375a5126dd261
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   Tue Mar 14 13:26:59 2017 +0100

      cirrus/vnc: zap bitblit support from console code.

applied to qemu-2.8.1 (and later)

Vulnerable versions in tree <=app-emulation/qemu-2.8.0-r10.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 06:48:56 UTC
This issue was resolved and addressed in
 GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03
by GLSA coordinator Yury German (BlueKnight).