| Summary: | <app-emulation/qemu-0.11.1 Denial of Service (CVE-2008-2382) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bruno Buss <bruno.buss> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | minor | CC: | jesse, lu_zero |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.coresecurity.com/content/vnc-remote-dos | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 290643 | | |

Description
Bruno Buss
2008-12-23 13:31:52 UTC
Luca, I see there are lots of bugs open against qemu and there is a lot to do, so I don't want to put too much pressure on you. However, our latest stable qemu seems to be in a bad situation security-wise. Please see bug #290643. 0.12.1 was released on December 20th. Perhaps just bumping the version will ameliorate the security problem, and update Portage to track upstream's release. Cheers!

"QEMU Changelog

version 0.12.1:
- loader: fix rom loading at address 0 (fixes target-arm) (Aurelien Jarno)
- loader: fix rom_copy (fixes multiboot) (Kevin Wolf)

version 0.12.0:
- Update to SeaBIOS 0.5.0
- e1000: fix device link status in Linux (Anthony Liguori)
- monitor: fix QMP for balloon command (Luiz Capitulino)
- QMP: Return an empty dict by default (Luiz Capitulino)
- QMP: Only handle converted commands (Luiz Capitulino)
- pci: support PCI based option rom loading (Gerd Hoffman/Anthony Liguori)
- Fix backcompat for hotplug of SCSI controllers (Daniel P. Berrange)
- fdc: fix migration from 0.11 (Juan Quintela)
- vmware-vga: fix segv on cursor resize. (Dave Airlie)
- vmware-vga: various fixes (Dave Airlie/Anthony Liguori)
- qdev: improve property error reporting. (Gerd Hoffmann)
- fix vga names in default_list (Gerd Hoffmann)
- usb-host: check mon before using it. (Gerd Hoffmann)
- usb-net: use qdev for -usbdevice (Gerd Hoffmann)
- monitor: Catch printing to non-existent monitor (Luiz Capitulino)
- Avoid permanently disabled QEMU monitor when UNIX migration fails (Daniel P. Berrange)
- Fix loading of ELF multiboot kernels (Kevin Wolf)
- qemu-io: Fix memory leak (Kevin Wolf)
- Fix thinko in linuxboot.S (Paolo Bonzini)
- target-i386: Fix evaluation of DR7 register (Jan Kiszka)
- vnc: hextile: do not generate ForegroundSpecified and SubrectsColoured tiles (Anthony Liguori)
- S390: Bail out without KVM (Alexander Graf)
- S390: Don't tell guest we're updating config space (Alexander Graf)
- target-s390: Fail on unknown instructions (Alexander Graf)
- osdep: Fix runtime failure on older Linux kernels (Andre Przywara)
- Fix a make -j race (Juergen Lock)
- target-alpha: Fix generic ctz64. (Richard Henderson)
- s390: Fix buggy assignment (Stefan Weil)
- target-mips: fix user-mode emulation startup (Nathan Froyd)
- target-i386: Update CPUID feature set for TCG (Andre Przywara)
- s390: fix build on 32 bit host (Michael S. Tsirkin)

version 0.12.0-rc2:
- v2: properly save kvm system time msr registers (Glauber Costa)
- convert more monitor commands to qmp (Luiz Capitulino)
- vnc: fix capslock tracking logic. (Gerd Hoffmann)
- QemuOpts: allow larger option values. (Gerd Hoffmann)
- scsi: fix drive hotplug. (Gerd Hoffmann)
- pci: don't hw_error() when no slot is available. (Gerd Hoffmann)
- pci: don't abort() when trying to hotplug with acpi off. (Gerd Hoffmann)
- allow default devices to be implemented in config file (Gerd Hoffman)
- vc: colorize chardev title line with blue background. (Gerd Hoffmann)
- chardev: make chardevs specified in config file work. (Gerd Hoffmann)
- qdev: also match bus name for global properties (Gerd Hoffmann)
- qdev: add command line option to set global defaults for properties. (Gerd Hoffmann)
- kvm: x86: Save/restore exception_index (Jan Kiszka)
- qdev: Replace device names containing whitespace (Markus Armbruster)
- fix rtc-td-hack on host without high-res timers (Gleb Natapov)
- virtio: verify features on load (Michael S. Tsirkin)
- vmware_vga: add rom file so that it boots. (Dave Airlie)
- Do not abort on qemu_malloc(0) in production builds (Anthony Liguori)
- Fix ARM userspace strex implementation. (Paul Brook)
- qemu: delete rule target on error (Michael S. Tsirkin)
- QMP: add human-readable description to error response (Markus Armbruster)
- convert more monitor commands to QError (Markus Armbruster)
- monitor: Fix double-prompt after "change vnc passwd BLA" (Markus Armbruster)
- monitor: do_cont(): Don't ask for passwords (Luiz Capitulino)
- monitor: Introduce 'block_passwd' command (Luiz Capitulino)
- pci: interrupt disable bit support (Michael S. Tsirkin)
- pci: interrupt status bit implementation (Michael S. Tsirkin)
- pci: prepare irq code for interrupt state (Michael S. Tsirkin)
- msix: function mask support (Michael S. Tsirkin)
- msix: macro rename for function mask support (Michael S. Tsirkin)
- cpuid: Fix multicore setup on Intel (Andre Przywara)
- kvm: x86: Fix initial kvm_has_msr_star (Jan Kiszka)
- Update OpenBIOS images to r640 (Aurelien Jarno)"

GLSA vote: yes.

GLSA Vote: yes, too. Added to existing request.

@security, <app-emulation/qemu-0.11.1 is gone from tree some time ago, maybe this should be closed?