Created attachment 320281 [details]
Proposed actualized upstream qemu patch to resolve the Cirrus LGD-54XX "bitblt" heap overflow (CVE-2007-1320)

Jan Niehusmann discovered that the upstream fix for CVE-2007-1320 is incomplete and still allows local users to cause a heap-based buffer overflow when connecting via the VNC console.

Steps to reproduce:
No reproducer.

Upstream qemu patch for the initial CVE-2007-1320 issue:
https://svn.pardus.org.tr/pardus/2007/applications/emulators/qemu/files/CVE-2007-1320.patch

Proposed upstream correction of this patch - see attachment.
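The report above only says that the first bounds check for the bitblt was incomplete; it does not say how. As an added illustration (this is not QEMU's cirrus_vga.c, not the attached patch, and the struct and function names are assumed), the following C models the general requirement for a guest-controlled 2D blit over a heap-allocated framebuffer: because the guest supplies the start offsets, the pitch (which may be negative) and the geometry, a check has to bound the lowest and highest byte of both the source and the destination region, not just the start offset and a forward extent, and do the arithmetic in a width that cannot wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a guest-controlled 2D blit (assumed names, not cirrus_vga.c). */
typedef struct {
    size_t  vram_size;  /* size of the heap-allocated framebuffer in bytes */
    int32_t src_off;    /* guest-supplied start offsets into VRAM */
    int32_t dst_off;
    int32_t src_pitch;  /* bytes from one row to the next; the guest may make it negative */
    int32_t dst_pitch;
    int32_t width;      /* bytes per row */
    int32_t height;     /* rows */
} blit_t;

/* Lowest and highest byte a region touches, computed in 64-bit so the arithmetic cannot wrap. */
static bool region_bounds(int64_t off, int64_t pitch, int64_t width, int64_t height,
                          int64_t *lo, int64_t *hi)
{
    if (width <= 0 || height <= 0)
        return false;
    int64_t first_row = off;
    int64_t last_row  = off + (height - 1) * pitch;  /* below first_row when pitch < 0 */
    *lo = first_row < last_row ? first_row : last_row;
    *hi = (first_row < last_row ? last_row : first_row) + width - 1;
    return true;
}

/* True only if every byte the blit reads or writes lies inside [0, vram_size). */
bool blit_in_bounds(const blit_t *b)
{
    int64_t lo, hi;
    if (!region_bounds(b->src_off, b->src_pitch, b->width, b->height, &lo, &hi))
        return false;
    if (lo < 0 || hi >= (int64_t)b->vram_size)
        return false;
    if (!region_bounds(b->dst_off, b->dst_pitch, b->width, b->height, &lo, &hi))
        return false;
    if (lo < 0 || hi >= (int64_t)b->vram_size)
        return false;
    return true;
}

/* Perform the blit row by row, but only after the whole geometry has been validated. */
bool blit_copy(uint8_t *vram, const blit_t *b)
{
    if (!blit_in_bounds(b))
        return false;
    for (int32_t row = 0; row < b->height; row++) {
        /* Both offsets were validated above, so these stay inside vram. */
        int64_t s = (int64_t)b->src_off + (int64_t)row * b->src_pitch;
        int64_t d = (int64_t)b->dst_off + (int64_t)row * b->dst_pitch;
        memmove(vram + d, vram + s, (size_t)b->width);  /* source and destination may overlap */
    }
    return true;
}

/* Constructed demo: copy two 4-byte rows with a negative pitch and verify the destination. */
bool demo_blit(void)
{
    uint8_t vram[64];
    for (int i = 0; i < 64; i++)
        vram[i] = (uint8_t)i;
    blit_t b = { .vram_size = sizeof vram, .src_off = 16, .dst_off = 48,
                 .src_pitch = -8, .dst_pitch = -8, .width = 4, .height = 2 };
    if (!blit_copy(vram, &b))
        return false;
    /* row 0: bytes 16..19 -> 48..51; row 1 (pitch -8): bytes 8..11 -> 40..43 */
    return vram[48] == 16 && vram[51] == 19 && vram[40] == 8 && vram[43] == 11;
}
```

A check that only validates the start offset and the forward extent accepts a small start offset with a negative pitch, and the copy then walks below the buffer; a check that computes the region in 32-bit arithmetic can be wrapped with a large pitch and height. Both source and destination need the same treatment, since the blit reads one and writes the other.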
QEMU upstream commit:
http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069

More on the current status of this issue and the original CVE-2007-1320 wrt Fedora qemu/kvm packages is in:
https://bugzilla.redhat.com/show_bug.cgi?id=237342#c20
kvm-65-15.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/kvm-65-15.fc9
kvm-65-15.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.