Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 527088 (CVE-2014-7815)

Summary: <app-emulation/qemu-2.1.2-r1: vnc: insufficient bits_per_pixel from the client sanitization (CVE-2014-7815)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: cardoe, qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1157641
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-10-27 14:41:19 UTC
From ${URL} :

bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

An attacker having access to the guest's VNC console could use this
flaw to crash the guest.

Upstream patch submission:

http://lists.gnu.org/archive/html/qemu-devel/2014-10/msg03210.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 Agostino Sarubbo gentoo-dev 2014-11-08 17:52:46 UTC
ppc and ppc64 does not have a stable keyword.
Comment 3 Agostino Sarubbo gentoo-dev 2014-11-08 18:09:02 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-11-08 18:10:27 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Agostino Sarubbo gentoo-dev 2014-11-08 18:12:19 UTC
cleanup done.
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2014-11-18 11:57:52 UTC
Added to existing GLSA request
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-11-18 11:59:36 UTC
CVE-2014-7815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815):
  The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to
  cause a denial of service (crash) via a small bytes_per_pixel value.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 22:48:58 UTC
This issue was resolved and addressed in
 GLSA 201412-01 at http://security.gentoo.org/glsa/glsa-201412-01.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).