From ${URL} : Quick Emulator(Qemu) built with the I/O channels websockets support is vulnerable to a memory leakage issue. It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a DoS on the host and/or potentially crash the Qemu process instance on the host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1496879 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23224f9e55bfc2ec41c8a8906a44e60791de07b5 commit 23224f9e55bfc2ec41c8a8906a44e60791de07b5 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2017-11-12 20:10:34 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2017-11-12 20:22:03 +0000 app-emulation/qemu: Version bump to 2.10.1, various security fixes Bug: https://bugs.gentoo.org/630432 Bug: https://bugs.gentoo.org/633822 Bug: https://bugs.gentoo.org/634070 Bug: https://bugs.gentoo.org/634148 Package-Manager: Portage-2.3.8, Repoman-2.3.4 app-emulation/qemu/Manifest | 1 + .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch | 80 --- .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch | 54 ++ .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch | 58 ++ app-emulation/qemu/qemu-2.10.1.ebuild | 796 +++++++++++++++++++++ 5 files changed, 909 insertions(+), 80 deletions(-)}