Bug 558416 (CVE-2015-5225)

Summary: <app-emulation/qemu-2.4.0-r1: ui: vnc: heap memory corruption issue (CVE-2015-5225)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: qemu+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-08-22 12:10:41 UTC
From ${URL} :

Qemu emulator built with the VNC display driver support is vulnerable to a 
buffer overflow flaw leading to a heap memory corruption issue. It could occur 
while refreshing the server display surface via routine 

A privileged guest user could use this flaw to corrupt the heap memory and 
crash the Qemu process instance OR potentially use it to execute arbitrary 
code on the host.

Upstream fix:
-------------

Issue introduced by:
--------------------

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
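The following is an added illustration and is not code from this bug, from QEMU's ui/vnc.c, or from the upstream fix. It is a constructed C model of the bug class the description points at: a refresh loop that compares a guest framebuffer row against the server-side copy in fixed-size chunks and copies the chunks that differ, where an unclamped chunk length runs past the end of a heap-allocated row whose width is not a multiple of the chunk size. The 16-pixel dirty granularity, the function names and the 20-pixel sample row are assumptions made for this example; the page does not state how the overflow in QEMU's routine actually arises, so the model should be read as the general shape of the defect and its clamp, not as the real code path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for this model: one dirty bit covers 16 pixels of a row. */
#define PIXELS_PER_DIRTY_BIT 16

/* Unsafe length: bytes the refresh loop compares/copies per dirty-bit chunk
 * when it ignores where the row ends.  Correct for every chunk except the
 * last one of a row whose width is not a multiple of PIXELS_PER_DIRTY_BIT. */
static size_t chunk_bytes_unclamped(size_t bytes_per_pixel)
{
    return PIXELS_PER_DIRTY_BIT * bytes_per_pixel;
}

/* How many bytes past the end of a row the unclamped loop would touch. */
static size_t overrun_bytes(size_t width_px, size_t bytes_per_pixel)
{
    size_t row_bytes = width_px * bytes_per_pixel;
    size_t chunks = (width_px + PIXELS_PER_DIRTY_BIT - 1) / PIXELS_PER_DIRTY_BIT;
    size_t covered = chunks * chunk_bytes_unclamped(bytes_per_pixel);
    return covered > row_bytes ? covered - row_bytes : 0;
}

/* Hardened length: never more than what remains of the row from x_px on. */
static size_t chunk_bytes_clamped(size_t x_px, size_t width_px, size_t bytes_per_pixel)
{
    size_t chunk = chunk_bytes_unclamped(bytes_per_pixel);
    size_t remaining = (width_px - x_px) * bytes_per_pixel;
    return chunk < remaining ? chunk : remaining;
}

/* Refresh one row of the server-side copy from the guest row: compare chunk
 * by chunk, copy the chunks that differ, return how many chunks were dirty.
 * With the clamped length the loop stays inside width_px * bytes_per_pixel. */
static unsigned refresh_row(const uint8_t *guest, uint8_t *server,
                            size_t width_px, size_t bytes_per_pixel)
{
    unsigned dirty = 0;
    for (size_t x = 0; x < width_px; x += PIXELS_PER_DIRTY_BIT) {
        size_t off = x * bytes_per_pixel;
        size_t n = chunk_bytes_clamped(x, width_px, bytes_per_pixel);
        if (memcmp(guest + off, server + off, n) != 0) {
            memcpy(server + off, guest + off, n);
            dirty++;
        }
    }
    return dirty;
}

/* Constructed sample: a 20-pixel, 32bpp row (80 bytes) on the heap, with the
 * first and the last pixel changed in the guest copy.  Returns the dirty-chunk
 * count, or 99 if the server copy does not match the guest afterwards. */
static unsigned demo_refresh(void)
{
    const size_t width = 20, bpp = 4, row = width * bpp;
    uint8_t *guest = calloc(row, 1);
    uint8_t *server = calloc(row, 1);
    unsigned dirty;

    if (!guest || !server) {
        free(guest);
        free(server);
        return 99;
    }
    memset(guest, 0xff, bpp);                      /* pixel 0 */
    memset(guest + (width - 1) * bpp, 0xff, bpp);  /* pixel 19 */
    dirty = refresh_row(guest, server, width, bpp);
    if (memcmp(guest, server, row) != 0)
        dirty = 99;
    free(guest);
    free(server);
    return dirty;
}

int main(void)
{
    printf("20px @ 4bpp: unclamped last chunk overruns the row by %zu bytes\n",
           overrun_bytes(20, 4));
    printf("clamped last chunk length: %zu bytes\n", chunk_bytes_clamped(16, 20, 4));
    printf("dirty chunks after refresh: %u\n", demo_refresh());
    return 0;
}
```

The point of the clamp is that the chunk size is a property of the dirty-bit granularity, not of the buffer, so the loop must bound every memcmp/memcpy by the bytes actually left in the row; for the sample row the unclamped last chunk would read and write 48 bytes beyond the 80-byte heap allocation, which is exactly the kind of guest-controlled heap corruption the description warns about.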
Comment 1 SpanKY gentoo-dev 2015-09-07 05:50:55 UTC
added fix from upstream:

should be fine to stabilize (in addition to qemu-guest-agent)
Comment 2 Agostino Sarubbo gentoo-dev 2015-09-07 07:45:37 UTC
Arches, please test and mark stable:
Target keywords : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2015-09-08 07:19:52 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-09-08 07:21:04 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-11-16 21:30:20 UTC
CVE-2015-5225:
  Buffer overflow in the vnc_refresh_server_surface function in the VNC
  display driver in QEMU before allows guest users to cause a denial
  of service (heap memory corruption and process crash) or possibly execute
  arbitrary code on the host via unspecified vectors, related to refreshing
  the server display surface.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-11-16 21:31:06 UTC
New request filed
Comment 7 Agostino Sarubbo gentoo-dev 2015-12-18 17:10:50 UTC
cleanup done by vapier
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:33:37 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at
by GLSA coordinator Kristian Fiskerstrand (K_F).