Summary: | <app-emulation/qemu-5.1.0: Denial of service by file descriptor exhaustion in shared virtio-fs directory (CVE-2020-10717) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, slyfox, tamiko, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2020/05/04/1 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 725634 | ||
Bug Blocks: |
Description
Sam James
2020-05-04 06:36:37 UTC
Landed upstream already: https://git.qemu.org/?p=qemu.git;a=commit;h=8c1d353d107b4fc344e27f2f08ea7fa25de2eea2 @maintainer(s), you may wish to apply other patches relating to virtiofsd too, committed before/after. Fix is in 5.1.0. qemu $ git tag --contains=8c1d353d107b4 v5.1.0 v5.1.0-rc0 v5.1.0-rc1 v5.1.0-rc2 v5.1.0-rc3 This issue was resolved and addressed in GLSA 202011-09 at https://security.gentoo.org/glsa/202011-09 by GLSA coordinator Sam James (sam_c). This issue was resolved and addressed in GLSA 202011-09 at https://security.gentoo.org/glsa/202011-09 by GLSA coordinator Sam James (sam_c). |