Summary: | <app-emulation/qemu-2.4.0-r1: ui: vnc: heap memory corruption issue (CVE-2015-5225) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/08/21/6 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
![]() added fix from upstream: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fec667228a95981586716b7d25004c4d706943e2 should be fine to stabilize (in addition to qemu-guest-agent) Arches, please test and mark stable: =app-emulation/qemu-2.4.0-r1 =app-emulation/qemu-guest-agent-2.4.0 =sys-firmware/seabios-1.8.2 Target keywords : "amd64 x86" amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. CVE-2015-5225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5225): Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. New request filed cleanup done by vapier This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F). |