From ${URL} :

Quick Emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support is vulnerable to a heap buffer overflow issue. It could occur when Vnc client attempts to update its display after a vga operation is performed by a guest.

A privileged user/process inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code on the host with privileges of the Qemu process.

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/03/14/2

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is an old bug, but from the search I made I didn't see it filed apart from bug 615268 for xen. Excuse me if it was already filed/resolved.
This is upstream commit 63fdb09491325e22e6a9d68b0f4375a5126dd261
Author: Gerd Hoffmann <kraxel@redhat.com>
Date:   Tue Mar 14 13:26:59 2017 +0100

    cirrus/vnc: zap bitblit support from console code.

applied to qemu-2.8.1 (and later)

Vulnerable versions in tree <=app-emulation/qemu-2.8.0-r10.
This issue was resolved and addressed in GLSA 201706-03 at https://security.gentoo.org/glsa/201706-03 by GLSA coordinator Yury German (BlueKnight).