Quick Emulator (Qemu) built with the VNC display driver support is vulnerable to an out-of-bounds memory access issue. It could occur while refreshing the vnc display surface area in 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the Qemu process, resulting in DoS.

Older versions of Qemu are affected; latest upstream releases are not.

Upstream patch:
---------------
  -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
  -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/02/23/1

This issue has been addressed in the following products:

  RHEV 3.X Hypervisor and Agents for RHEL-6

Via RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206

This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6

Via RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:1856