From ${URL} :

An out of bounds memory access flaw was found in Qemu's IDE device model. It leads to Qemu's memory corruption via buffer overwrite (4 bytes). It occurs while executing IDE SMART commands. A user on a guest could use this flaw to corrupt the Qemu process's memory on the host.

Upstream fix:
-------------
-> https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=940973ae0b45c9b6817bab8e4cf4df99a9ef83d7
ok, but that's in qemu-2.0.0 already
There was a comment on the mailing list about earlier stable branches:

> Should also be fixed in the stable branch of earlier releases. The bug
> is present since SMART emulation was added in 2009.

Can the maintainers confirm if this is vulnerable in previous versions?
This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F).