Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 253641 (CVE-2008-4539) - app-emulation/kvm<82 and app-emulation/qemu<svn20081101-1 Heap-based buffer overflow in Cirrus VGA (CVE-2008-4539)
Summary: app-emulation/kvm<82 and app-emulation/qemu<svn20081101-1 Heap-based buffer o...
Alias: CVE-2008-4539
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Depends on:
Reported: 2009-01-04 01:44 UTC by Stefan Behte (RETIRED)
Modified: 2009-01-05 02:21 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 01:44:44 UTC
CVE-2008-4539 (
  Heap-based buffer overflow in the Cirrus VGA implementation in (1)
  KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might
  allow local users to gain privileges by using the VNC console for a
  connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this
  issue exists because of an incorrect fix for CVE-2007-1320.
Comment 1 Daniel Gryniewicz (RETIRED) gentoo-dev 2009-01-05 01:32:34 UTC
82 is added.  This supposedly also fixes CVE-2007-5729 and CVE-2008-2382.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-05 02:21:50 UTC
Changing whiteboard to noglsa as it's not a stable package.