Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 567828 (CVE-2015-8504)

Summary: <app-emulation/qemu-2.4.1-r2: ui: vnc: avoid floating point exception (CVE-2015-8504)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-12-09 10:54:18 UTC
From ${URL} :

Qemu emulator built with the VNC display driver support is vulnerable to an 
arithmetic exception flaw. It occurs on the VNC server side while processing 
the 'SetPixleFormat' messages from a client.

A privileged remote client could use this flaw to crash the guest resulting in 

Upstream patch:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2015-12-15 05:55:28 UTC
fixed with 2.4.1-r2.  fine for stable.
Comment 2 Agostino Sarubbo gentoo-dev 2015-12-16 08:52:03 UTC
amd64/x86 stable
Maintainer please cleanup
Comment 3 Agostino Sarubbo gentoo-dev 2015-12-18 17:07:05 UTC
cleanup done by vapier
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-12-21 18:11:40 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:34:29 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at
by GLSA coordinator Kristian Fiskerstrand (K_F).