Quick emulator(Qemu) built with the BOOTP/DHCP Server support is vulnerable to an OOB read issue. It could occur while parsing the DHCP options and vendor extensions options sent by a client. A user/process could use this flaw to potentially crash the Qemu process on the host resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/07/19/2
Acknowledgments: Name: Reno Robert
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1472612]
qemu-2.9.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.