From ${URL} :

A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.

Upstream patch:
---------------
-> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17

'CVE-2018-20815' assigned via
-> https://cveform.mitre.org/

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
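The size-before-allocation pattern the report describes, as an added illustration that is not code from the page, from QEMU or from the upstream patch. The arithmetic (add a fixed slack, then double, stored in a signed int) and the constant 10000 are assumptions chosen to show the bug class; the check in the hardened variant rejects any input for which that arithmetic would exceed INT_MAX before any of it is performed. Because signed overflow is undefined behaviour in C, the vulnerable variant reproduces the wrap-around deterministically with unsigned arithmetic rather than relying on what the compiler happens to do:

```c
#include <limits.h>
#include <stdio.h>

/* Slack added before doubling, so the loaded blob can be modified in place.
 * Hypothetical constant, used only to demonstrate the overflow. */
#define DT_SLACK 10000

/*
 * Vulnerable pattern: size manipulation happens before allocation with no
 * bound check, so a large file size wraps the signed int.  Real code would
 * do "dt_size += DT_SLACK; dt_size *= 2;" on an int, which is undefined
 * behaviour on overflow; unsigned arithmetic here gives the same modulo-2^32
 * result deterministically.  Returns the allocation size that would be used.
 */
int vulnerable_alloc_size(int file_size)
{
    unsigned int n = (unsigned int)file_size;
    n += DT_SLACK;
    n *= 2u;
    return (int)n;   /* narrowing is modulo 2^32 on gcc/clang targets */
}

/*
 * Hardened pattern: bound the input before touching it.  The largest
 * file_size for which (file_size + DT_SLACK) * 2 still fits in an int is
 * INT_MAX / 2 - DT_SLACK, so anything above that is rejected up front.
 * Returns the allocation size, or -1 if the file must be rejected.
 */
int safe_alloc_size(int file_size)
{
    if (file_size < 0) {
        return -1;                       /* get_image_size() style failure */
    }
    if (file_size > INT_MAX / 2 - DT_SLACK) {
        return -1;                       /* would overflow: refuse to load */
    }
    int dt_size = file_size;
    dt_size += DT_SLACK;
    dt_size *= 2;                        /* now provably <= INT_MAX */
    return dt_size;
}

/* True when the buffer that would be allocated is at least as large as the
 * file that will be copied into it; false means a heap overflow on copy. */
int alloc_covers_file(int file_size, int alloc_size)
{
    return alloc_size >= 0 && alloc_size >= file_size;
}

int main(void)
{
    /* Constructed inputs: a small normal blob and a pathological 2 GiB one. */
    int sizes[] = { 1000, INT_MAX / 2 - DT_SLACK, INT_MAX };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int fs = sizes[i];
        int v = vulnerable_alloc_size(fs);
        int s = safe_alloc_size(fs);
        printf("file=%11d  vulnerable alloc=%11d (%s)  safe alloc=%11d\n",
               fs, v, alloc_covers_file(fs, v) ? "ok" : "OVERFLOW", s);
    }
    return 0;
}
```

With a file of INT_MAX bytes the vulnerable computation yields an allocation of 19998 bytes, far smaller than the data that will be written into it, which is exactly the heap overflow the report describes; the hardened variant returns -1 for the same input and still produces the normal 22000-byte allocation for a 1000-byte blob.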
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fec2a540ce3e7cbd378287ee2837aeba6406eaf

commit 6fec2a540ce3e7cbd378287ee2837aeba6406eaf
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-04-08 02:26:43 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-04-08 02:51:08 +0000

    app-emulation/qemu: multiple security fixes for 3.1.0

    CVE-2018-20815
    CVE-2019-9824

    Bug: https://bugs.gentoo.org/681850
    Bug: https://bugs.gentoo.org/680834
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest             | 1 +
 app-emulation/qemu/qemu-3.1.0-r4.ebuild | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)
Arches, please stabilize app-emulation/qemu-3.1.0-r4.
amd64 stable
x86 stable
@maintainer, please clean vulnerable.
This issue was resolved and addressed in GLSA 201904-25 at https://security.gentoo.org/glsa/201904-25 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup