Summary: | <app-emulation/qemu-{2.2.1-r2,2.3.0-r1}: VENOM: Privilege escalation via emulated floppy disk drive (XSA-133) (CVE-2015-3456) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robin Johnson <robbat2> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexander, floppym, gentoo, luke, qemu+disabled, toto |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=549200 | ||
Whiteboard: | B1 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Robin Johnson
2015-05-13 18:58:24 UTC
Cardoe: as maintainer, can you please decide which of the ebuilds you want to go stable, and call for arches as needed for that.

*** Bug 549402 has been marked as a duplicate of this bug. ***

vapier seems to be making most of the commits recently as a maintainer of the qemu herd. I'd go for 2.2.1-r2

vapier: which versions do you want to go stable? My vote is 2.1.3-r1 AND 2.2.1-r2

(In reply to Robin Johnson from comment #5) just 2.2.1-r2. the 2.1.x series is going away bug 544328 already.

+ 14 May 2015; Agostino Sarubbo <ago@gentoo.org> + -files/qemu-2.1.1-readlink-self.patch, + -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild, + -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild, + -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild, + qemu-2.2.1-r2.ebuild: + Stable for amd64/x86 - remove old.

Security please file the glsa request.

CVE-2015-3456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456): The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).