From ${URL} : Qemu emulator built with the Luminary Micro Stellaris Ethernet Controller is vulnerable to a buffer overflow issue. It could occur while receiving network packets in stellaris_enet_receive(), if the guest NIC is configured to accept large(MTU) packets. A remote user/process could use this flaw to crash the Qemu process on a host, resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
included fix in qemu-2.5.1. should be fine for stable.
qemu-2.5.1 is stable.
This is CVE-2016-4001 which is simultaneously handled in bug #579734 as well. Upstream patch: 3a15cc0e1ee7168db0782133d2607a6bfa422d66 -> CVE-2016-4001, bug #579734 *** This bug has been marked as a duplicate of bug 579734 ***