| Summary: | <app-emulation/qemu-2.1.2-r2: vmware_vga: insufficient parameter validation in rectangle functions (CVE-2014-3689) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | cardoe, qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc | ||
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1153038 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
there's a few CLs that went in ... not sure how many matter here. then again, qemu-2.2.0 is in the pipeline (already have rc's out), so would be easier to wait for that. i don't think this is a critical bug as i'm not sure the vmware vga driver is commonly used. *qemu-2.1.2-r2 (14 Dec 2014) 14 Dec 2014; Matthias Maier <tamiko@gentoo.org> +qemu-2.1.2-r2.ebuild: backport fixes for bugs #530498, #531666 (CVE-2014-8106), #529030 (CVE-2014-7840), #528922 (528922) *qemu-2.2.0 (14 Dec 2014) 14 Dec 2014; Matthias Maier <tamiko@gentoo.org> +qemu-2.2.0.ebuild, metadata.xml: version bump; cleanup whitespace in metadata.xml Vulnerable version left in tree: 2.1.2-r1 Unaffected: 2.1.2-r2, 2.2.0 Stabilization for 2.1.2-r2 on bug #531666 Security, please vote. Kristian Fiskerstrand gentoo-dev Security 2014-12-21 10:53:53 EST - in Bug 53166 GLSA Vote: Yes along with bug 528922 and bug 529030 Maintainer(s), Thank you for cleanup! GLSA Vote: Yes Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201412-37 at http://security.gentoo.org/glsa/glsa-201412-37.xml by GLSA coordinator Yury German (BlueKnight). This issue was resolved and addressed in GLSA 201412-37 at http://security.gentoo.org/glsa/glsa-201412-37.xml by GLSA coordinator Yury German (BlueKnight). |
From ${URL} : A flaw was found in the way guest provided parameter validation was performed in vmware-vga driver in rectangle handling functionality. A privileged guest user could use this flaw to write into qemu address space on the host, pontentially escalating their privileges to that of qemu host process. Proposed upstream fix: https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.