Summary: | <app-emulation/qemu-2.0.0: out of bounds buffer accesses, guest triggerable via IDE SMART (CVE-2014-2894) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1087971 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 507796 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2014-04-16 07:45:54 UTC
Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=940973ae0b45c9b6817bab8e4cf4df99a9ef83d7 ok, but that's in qemu-2.0.0 already There was a comment on the mailing list about earlier stable branches:
> Should also be fixed in the stable branch of earlier releases. The bug
> is present since SMART emulation was added in 2009.
Can the Maintainers confirm if this is vulnerable in previous versions?
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |