Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 527088 (CVE-2014-7815) - <app-emulation/qemu-2.1.2-r1: vnc: insufficient bits_per_pixel from the client sanitization (CVE-2014-7815)
Summary: <app-emulation/qemu-2.1.2-r1: vnc: insufficient bits_per_pixel from the clien...
Status: RESOLVED FIXED
Alias: CVE-2014-7815
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-27 14:41 UTC by Agostino Sarubbo
Modified: 2014-12-08 22:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-10-27 14:41:19 UTC
From ${URL} :

bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

An attacker having access to the guest's VNC console could use this
flaw to crash the guest.

Upstream patch submission:

http://lists.gnu.org/archive/html/qemu-devel/2014-10/msg03210.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 Agostino Sarubbo gentoo-dev 2014-11-08 17:52:46 UTC
ppc and ppc64 does not have a stable keyword.
Comment 3 Agostino Sarubbo gentoo-dev 2014-11-08 18:09:02 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-11-08 18:10:27 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Agostino Sarubbo gentoo-dev 2014-11-08 18:12:19 UTC
cleanup done.
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2014-11-18 11:57:52 UTC
Added to existing GLSA request
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-11-18 11:59:36 UTC
CVE-2014-7815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7815):
  The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to
  cause a denial of service (crash) via a small bytes_per_pixel value.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 22:48:58 UTC
This issue was resolved and addressed in
 GLSA 201412-01 at http://security.gentoo.org/glsa/glsa-201412-01.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).