| Summary: | <app-emulation/qemu-2.4.0-r1: ui: vnc: heap memory corruption issue (CVE-2015-5225) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | qemu+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2015/08/21/6 | ||
| Whiteboard: | B2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
added fix from upstream: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fec667228a95981586716b7d25004c4d706943e2 should be fine to stabilize (in addition to qemu-guest-agent) Arches, please test and mark stable: =app-emulation/qemu-2.4.0-r1 =app-emulation/qemu-guest-agent-2.4.0 =sys-firmware/seabios-1.8.2 Target keywords : "amd64 x86" amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. CVE-2015-5225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5225): Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. New request filed cleanup done by vapier This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : Qemu emulator built with the VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via routine vnc_refresh_server_surface(). A privileged guest user could use this flaw to corrupt the heap memory and crash the Qemu process instance OR potentially use it to execute arbitrary code on the host. Upstream fix: - ------------- -> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html Issue introduced by: - -------------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.