Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 253641 (CVE-2008-4539)

Summary: app-emulation/kvm<82 and app-emulation/qemu<svn20081101-1 Heap-based buffer overflow in Cirrus VGA (CVE-2008-4539)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: cardoe, dang, lu_zero
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 01:44:44 UTC 
CVE-2008-4539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4539):
  Heap-based buffer overflow in the Cirrus VGA implementation in (1)
  KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might
  allow local users to gain privileges by using the VNC console for a
  connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this
  issue exists because of an incorrect fix for CVE-2007-1320.
Comment 1 Daniel Gryniewicz (RETIRED) gentoo-dev 2009-01-05 01:32:34 UTC 
82 is added.  This supposedly also fixes CVE-2007-5729 and CVE-2008-2382.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-05 02:21:50 UTC 
Thanks!
Changing whiteboard to noglsa as it's not a stable package.