Quick Emulator(QEMU) built with the VGA emulator support is vulnerable to an out-of-bounds access issue in vga_draw_text. It could occur while updating vga display area. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2018/01/15/2
Acknowledgments: Name: Jiang Xin, Lin ZheCheng
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1534672] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1534671]
upstream commit 191f59dc17396bb5a8da50f8c59b6e0a430711a4
Red Hat OpenStack 6 will be End of Life on the 17th of February. Marking flaws as wontfix.
Red Hat OpenStack 7 will not be supported on RHEL 7.5, where the fix is being release. Marking OpenStack 7 as wontfix.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:0816
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1104
This issue has been addressed in the following products: Red Hat OpenStack Platform 8 Red Hat OpenStack Platform 9 Red Hat OpenStack Platform 10 Red Hat OpenStack Platform 11 Red Hat OpenStack Platform 12 https://access.redhat.com/errata/RHSA-2018:1113
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2162