Summary: | <app-emulation/qemu-2.8.0-r1: virtio: integer overflow in handling virtio-crypto requests | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | qemu+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/02/07/8 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
app-emulation/qemu-2.8.0-r1
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 606264, 606720, 606722, 607000, 607100, 607766, 608034, 608036, 608038, 608520 |
Description
Agostino Sarubbo
2017-02-09 11:00:35 UTC
Stabilization on this bug. Arches, please test and mark stable =app-emulation/qemu-2.8.0-r1 Target-keywords: "amd64 x86" commit 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Feb 12 22:50:18 2017 -0600 app-emulation/qemu: fix various security issues, bug #608728 and others This commit applies upstream patches to 2.8.0 for the following CVEs CVE-2016-10155 #606720 CVE-2017-2615 #608034 CVE-2017-5525 #606264 CVE-2017-5552 #606722 CVE-2017-5578 #607000 CVE-2017-5579 #607100 CVE-2017-5667 #607766 CVE-2017-5856 #608036 CVE-2017-5857 #608038 CVE-2017-5898 #608520 CVE-2017-5931 #608728 Package-Manager: Portage-2.3.3, Repoman-2.3.1 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. commit 639357e1a6012e2f609a6e5956f59addb86fcf53 Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Feb 14 10:45:26 2017 -0600 app-emulation/qemu: remove vulnerable, bug #608728 Package-Manager: Portage-2.3.3, Repoman-2.3.1 New GLSA request filed. This issue was resolved and addressed in GLSA 201702-28 at https://security.gentoo.org/glsa/201702-28 by GLSA coordinator Thomas Deutschmann (whissi). |