Summary: | <app-emulation/qemu-2.7.0: virtio: unbounded memory allocation on host via guest leading to DoS (CVE-2016-5403) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/07/27/4 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 592430 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-07-28 15:29:34 UTC
Fixed in at least version 2.7.0. Stabilization of 2.7.0 in #592430 commit 671df1de7a8611d59307ffcd448af451c15003ed Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Sep 4 23:25:32 2016 -0500 app-emulation/qemu: version bump to 2.7.0, various security fixes 3af9187fc6caaf415ab9c0c6d92c9678f65cb17f -> CVE-2016-4001, bug #579734 3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4002, bug #579734 c98c6c105f66f05aa0b7c1d2a4a3f716450907ef -> CVE-2016-4439, bug #583496 6c1fef6b59563cc415f21e03f81539ed4b33ad90 -> CVE-2016-4441, bug #583496 06630554ccbdd25780aa03c3548aaff1eb56dffd -> , bug #583952 844864fbae66935951529408831c2f22367a57b6 -> CVE-2016-5337, bug #584094 b60bdd1f1ee1616b7a9aeeffb4088e1ce2710fb2 -> , bug #584102 1b85898025c4cd95dce673d15e67e60e98e91731 -> , bug #584146 521360267876d3b6518b328051a2e56bca55bef8 -> CVE-2016-4453, bug #584514 4e68a0ee17dad7b8d870df0081d4ab2e079016c2 -> CVE-2016-4454, bug #584514 a6b3167fa0e825aebb5a7cd8b437b6d41584a196 -> CVE-2016-5126, bug #584630 ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -> CVE-2016-5338, bug #584918 d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a -> CVE-2016-5238, bug #584918 1e7aed70144b4673fc26e73062064b6724795e5f -> , bug #589924 afd9096eb1882f23929f5b5c177898ed231bac66 -> CVE-2016-5403, bug #589928 eb700029c7836798046191d62d595363d92c84d4 -> CVE-2016-6835, bug #591244 ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 -> CVE-2016-6834, bug #591374 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 -> CVE-2016-6833, bug #591380 47882fa4975bf0b58dd74474329fdd7154e8f04c -> CVE-2016-6888, bug #591678 805b5d98c649d26fc44d2d7755a97f18e62b438a 56f101ecce0eafd09e2daf1c4eeb1377d6959261 fff39a7ad09da07ef490de05c92c91f22f8002f2 -> , bug #592430 Package-Manager: portage-2.2.28 Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201609-01 at https://security.gentoo.org/glsa/201609-01 by GLSA coordinator Yury German (BlueKnight). |