From ${URL} :

An information leakage issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the tcp_emu() routine while emulating the Identification protocol, when crafted messages are sent to make it return uninitialized variables. A user/process could use this flaw to read uninitialised stack memory contents from the QEMU process, resulting in information leakage.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fec2a540ce3e7cbd378287ee2837aeba6406eaf

commit 6fec2a540ce3e7cbd378287ee2837aeba6406eaf
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-04-08 02:26:43 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-04-08 02:51:08 +0000

    app-emulation/qemu: multiple security fixes for 3.1.0

    CVE-2018-20815
    CVE-2019-9824

    Bug: https://bugs.gentoo.org/681850
    Bug: https://bugs.gentoo.org/680834
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest             | 1 +
 app-emulation/qemu/qemu-3.1.0-r4.ebuild | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)

This issue was resolved and addressed in GLSA 201904-25 at https://security.gentoo.org/glsa/201904-25 by GLSA coordinator Aaron Bauman (b-man).