| Summary: | <app-emulation/qemu-2.1.2-r1: slirp: NULL pointer deref in sosendto() (CVE-2014-3640) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | cardoe, qemu+disabled, sven.koehler |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://git.qemu.org/?p=qemu.git;a=commitdiff;h=01f7cecf0037997cb0e58ec0d56bf9b5a6f7cb2a | ||
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1144818 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
Setting Whiteboard back to ebuild, as 2.1.2 not in tree. Commit message: Version bump http://sources.gentoo.org/app-emulation/qemu/qemu-2.1.2.ebuild?rev=1.1 Added to existing GLSA draft This issue was resolved and addressed in GLSA 201412-01 at http://security.gentoo.org/glsa/glsa-201412-01.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : When guest sends udp packet with source port and source addr 0, uninitialized socket is picked up when looking for matching and already created udp sockets, and later passed to sosendto() where NULL pointer dereference is hit during so->slirp->vnetwork_mask.s_addr access. Only guests using qemu user networking are affected. Upstream patch submission: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.