Bug 558416 (CVE-2015-5225) - <app-emulation/qemu-2.4.0-r1: ui: vnc: heap memory corruption issue (CVE-2015-5225)
Status: RESOLVED FIXED
Alias: CVE-2015-5225
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa cve]
Reported: 2015-08-22 12:10 UTC by Agostino Sarubbo
Modified: 2016-02-04 09:33 UTC
Description Agostino Sarubbo gentoo-dev 2015-08-22 12:10:41 UTC
From ${URL} :

A Qemu emulator built with VNC display driver support is vulnerable to a buffer overflow flaw leading to a heap memory corruption issue. It could occur while refreshing the server display surface via the routine vnc_refresh_server_surface().

A privileged guest user could use this flaw to corrupt the heap memory and crash the Qemu process instance, or potentially use it to execute arbitrary code on the host.

Upstream fix:
-------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html

Issue introduced by:
--------------------
   -> http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Comment 1 SpanKY gentoo-dev 2015-09-07 05:50:55 UTC
Added fix from upstream:
http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fec667228a95981586716b7d25004c4d706943e2

Should be fine to stabilize (in addition to qemu-guest-agent).
Comment 2 Agostino Sarubbo gentoo-dev 2015-09-07 07:45:37 UTC
Arches, please test and mark stable:
=app-emulation/qemu-2.4.0-r1
=app-emulation/qemu-guest-agent-2.4.0
=sys-firmware/seabios-1.8.2
Target keywords: "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2015-09-08 07:19:52 UTC
amd64 stable.
Comment 4 Agostino Sarubbo gentoo-dev 2015-09-08 07:21:04 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-11-16 21:30:20 UTC
CVE-2015-5225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5225):
  Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-11-16 21:31:06 UTC
New request filed.
Comment 7 Agostino Sarubbo gentoo-dev 2015-12-18 17:10:50 UTC
Cleanup done by vapier.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:33:37 UTC
This issue was resolved and addressed in GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01 by GLSA coordinator Kristian Fiskerstrand (K_F).