Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 595192 (CVE-2016-7161) - <app-emulation/qemu-2.7.0: hw: net: Heap overflow in xlnx.xps-ethernetlite (CVE-2016-7161)
Summary: <app-emulation/qemu-2.7.0: hw: net: Heap overflow in xlnx.xps-ethernetlite (C...
Status: RESOLVED FIXED
Alias: CVE-2016-7161
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-26 12:13 UTC by Agostino Sarubbo
Modified: 2016-11-18 23:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-09-26 12:13:22 UTC
From ${URL} :

The .receive callback of xlnx.xps-ethernetlite doesn't check the length of data before calling memcpy. As a result, the NetClientState object in heap 
will be overflowed. All versions of qemu with xlnx.xps-ethernetlite are affected.

Upstream patch:

http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968

CVE assignment:

http://seclists.org/oss-sec/2016/q3/603


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2016-09-27 02:03:01 UTC
This patch already made it into the 2.7.0 release of qemu. Currently stable version in tree is 2.7.0-r3 with no vulnerable version left in the tree.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-11-18 23:12:31 UTC
This issue was resolved and addressed in
 GLSA 201611-11 at https://security.gentoo.org/glsa/201611-11
by GLSA coordinator Aaron Bauman (b-man).