Tavis Ormandy discovered two issues that affect bochs <= 2.3 The first issue is caused by a heap overflow error in the emulated NE2000 device that allows a large value in the TXCNT register to exceed the available memory, which could be exploited by an attacker with "root" privileges on a vulnerable guest system to execute arbitrary code on the host system. The second vulnerability is caused by a divide-by-zero in the emulated floppy disk controller, which could be exploited by malicious users to terminate the bochs process, creating a denial of service condition. http://www.frsirt.com/english/advisories/2007/1936
CC'ing maintainer and setting whiteboard status.
Debian seems to have fixed this with DSA 1351-1.
fedora also published a fix which links to the following already closed (in cvs) upstream bug report : http://sourceforge.net/tracker/?func=detail&atid=112580&aid=1729822&group_id=12580 fedora's CVS contains patches for both bugs that apply to 2.3 in : http://cvs.fedoraproject.org/viewcvs/devel/bochs/
Created attachment 129950 [details, diff] fix for CVE-2007-2893 from CVS reconstructed from CVS with information from fedora package. tested in bochs-2.3 for amd64
Created attachment 129952 [details, diff] fix for CVE-2007-2894 from CVS reconstructed from CVS with information from fedora package. tested in bochs-2.3 for amd64
lu_zero please advise.
bochs-2.3 doesn't build for me and I'm tempted to remove it since qemu covers the needs in a simpler and faster way. I'll try to come up either with a snapshot that builds or using the patches on the previous version.
spent more time on bochs-2.3 and eventually sorted my, seems to be, local issue. Ebuild committed as ~arch
Arches please stabilise app-emulation/bochs-2.3
lu_zero did ppc and x86 has been stabled by me
alpha stable
amd64 stable
Please file GLSA request
(In reply to comment #13) > Please file GLSA request > done.
GLSA 200711-21
