Quick Emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support is vulnerable to a heap buffer overflow issue. It could occur when Vnc client attempts to update its display after a vga operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code on the host with privileges of the Qemu process. Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/03/14/2
Created attachment 1260925 [details] Proposed upstream patch
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1432041]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1432040]
Patch posting: https://www.mail-archive.com/qemu-devel@nongnu.org/msg437188.html
upstream pull request sent is on the way.
merged now, next 2.8.x stable should have it too.
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0984
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0983
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0982
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 Via RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0981
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 Via RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0980
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-7 RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0985
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0987
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2017:0988 https://access.redhat.com/errata/RHSA-2017:0988
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-6 Via RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441
qemu-2.7.1-7.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.