From ${URL} : Quick Emulator (QEMU) built with the PC System Emulator with multiboot feature support is vulnerable to an OOB r/w memory access issue. It could occur while loading a kernel image during a guest boot if the multiboot header address mh_load_end_addr was greater than mh_bss_end_addr. A user/process could use this flaw to potentially achieve arbitrary code execution on a host.

Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for stabilization or not.
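The report above describes the flaw as an inconsistency between two header fields: the number of bytes copied from the image is derived from mh_load_end_addr, while the size of the in-memory kernel buffer is derived from mh_bss_end_addr, so a header with mh_load_end_addr greater than mh_bss_end_addr makes the copy larger than its destination. The following C is an added illustration written for this page, not QEMU's code and not the upstream patch; the struct, function names and sample header values are this example's own, and only the three field names come from the report. It places the unchecked size arithmetic beside a validating variant that rejects the inconsistent ordering before any size is trusted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Added example, not QEMU's code. Models the three Multiboot header address
 * fields named in the report. The struct and function names are this
 * example's own. */
struct mb_header_addrs {
    uint32_t mh_load_addr;      /* physical address the kernel text is loaded to */
    uint32_t mh_load_end_addr;  /* end of the bytes copied from the image */
    uint32_t mh_bss_end_addr;   /* end of the kernel's bss, i.e. end of the buffer */
};

struct mb_sizes {
    uint32_t load_size;    /* bytes copied from the image into guest memory */
    uint32_t kernel_size;  /* bytes reserved for the kernel in guest memory */
};

/* Unchecked arithmetic of the kind the report describes: load_size and
 * kernel_size come from independent fields, so nothing prevents load_size
 * from exceeding kernel_size when mh_load_end_addr > mh_bss_end_addr. */
static struct mb_sizes mb_sizes_unchecked(const struct mb_header_addrs *h)
{
    struct mb_sizes s;
    s.load_size = h->mh_load_end_addr - h->mh_load_addr;
    s.kernel_size = h->mh_bss_end_addr - h->mh_load_addr;
    return s;
}

/* Validating variant: require load_addr <= load_end <= bss_end before any
 * size is computed. A zero mh_bss_end_addr means "no bss" per the Multiboot
 * specification and is treated as equal to mh_load_end_addr. This example
 * assumes a zero mh_load_end_addr ("load whole file") has already been
 * resolved against the image size by the caller. Returns false and leaves
 * *out untouched when the header is inconsistent. */
static bool mb_sizes_checked(const struct mb_header_addrs *h, struct mb_sizes *out)
{
    uint32_t bss_end = h->mh_bss_end_addr ? h->mh_bss_end_addr : h->mh_load_end_addr;

    if (h->mh_load_end_addr < h->mh_load_addr) {
        return false;               /* load range runs backwards */
    }
    if (bss_end < h->mh_load_end_addr) {
        return false;               /* the ordering the report identifies as unsafe */
    }
    out->load_size = h->mh_load_end_addr - h->mh_load_addr;
    out->kernel_size = bss_end - h->mh_load_addr;
    return true;
}

/* Does the unchecked computation produce a copy larger than its buffer? */
static bool mb_copy_overflows(const struct mb_header_addrs *h)
{
    struct mb_sizes s = mb_sizes_unchecked(h);
    return s.load_size > s.kernel_size;
}

int main(void)
{
    /* Constructed sample headers: one consistent, one with load_end past bss_end. */
    struct mb_header_addrs good = { 0x00100000, 0x00120000, 0x00130000 };
    struct mb_header_addrs bad  = { 0x00100000, 0x00140000, 0x00130000 };
    struct mb_sizes s;

    printf("good: accepted=%d overflow=%d\n",
           mb_sizes_checked(&good, &s), mb_copy_overflows(&good));
    printf("bad:  accepted=%d overflow=%d\n",
           mb_sizes_checked(&bad, &s), mb_copy_overflows(&bad));
    return 0;
}
```

The consistent header is accepted with a 0x20000-byte copy into a 0x30000-byte buffer; the inconsistent one is rejected by the checked path, and the unchecked path shows why: its copy would be 0x40000 bytes into a 0x30000-byte buffer.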
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=927222f7ee40d2289d759ea2bceee1cc68d81a32

commit 927222f7ee40d2289d759ea2bceee1cc68d81a32
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-03-18 19:33:04 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-03-18 20:01:50 +0000

    app-emulation/qemu: 2.11.1: apply security patches

    * disable capstone
    * apply patch for CVE-2018-7550

    Bug: https://bugs.gentoo.org/647570
    Bug: https://bugs.gentoo.org/649616
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/qemu-2.11.1-r1.ebuild | 805 +++++++++++++++++++++++++++++++
 1 file changed, 805 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46d903c2665d2910a22d78656c5f7bafdf702135

commit 46d903c2665d2910a22d78656c5f7bafdf702135
Author: Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2018-03-18 19:08:44 +0000
Commit: Matthias Maier <tamiko@gentoo.org>
CommitDate: 2018-03-18 20:01:49 +0000

    app-emulation/qemu: 2.11.1: New binary blob pinning, CVE patches, maintenance

    * new binary blobs pinning
        =sys-firmware/edk2-ovmf-2017_p20180211
        =sys-firmware/ipxe-1.0.0_p20180211
        =sys-firmware/seabios-1.11.0
        =sys-firmware/sgabios-0.1_pre8-r1
        =sys-firmware/vgabios-0.7a-r1
      keyword ebuild
    * fix include path for capstone, bug 647570
    * add USE=capstone support, bug 647570
    * apply patch for CVE-2018-7550

    Closes: https://bugs.gentoo.org/647570
    Bug: https://bugs.gentoo.org/649616
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-emulation/qemu/Manifest                                  |  1 +
 .../qemu/files/qemu-2.11.1-capstone_include_path.patch      | 11 +++++++++++
 app-emulation/qemu/metadata.xml                             |  1 +
 .../qemu/{qemu-2.11.1-r50.ebuild => qemu-2.11.1-r51.ebuild} | 13 ++++++-------
 4 files changed, 19 insertions(+), 7 deletions(-)
Patch added to 2.11.1-r1. Arches, please stabilize.
amd64 stable
x86 stable
New GLSA Request filed.
This issue was resolved and addressed in GLSA 201804-08 at https://security.gentoo.org/glsa/201804-08 by GLSA coordinator Aaron Bauman (b-man).